CVE-2022-23457 in GoldenGate Studio
Summary (English)
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attacker can specify the entire string representing the 'input' path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one's own implementation of the Validator interface; however, the maintainers do not recommend this.
Responsible
GitHub, Inc.
Reserved
19.01.2022
Publication
26.04.2022
Status
Confirmed
Entries
VulDB provides additional information and datapoints for this CVE: