1. Ubuntu Security Notices
  2. USN-8181-1

USN-8181-1: ESAPI vulnerabilities

Publication date

16 April 2026

Overview

Several security issues were fixed in ESAPI.

Releases

Packages

Details

Jaroslav Lobačevski discovered that ESAPI incorrectly validated directory
paths during path verification. An attacker could possibly use this issue
to bypass directory validation checks, leading to control-flow bypass. This
issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
and Ubuntu 22.04 LTS. (CVE-2022-23457)

Kevin W. Wall and Sebastian Passaro discovered that ESAPI did not properly
sanitize javascript URLs because of an incorrect regular expression. An
attacker could possibly use this issue to perform a cross-site scripting
attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu
20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-24891)

Longlong Gong discovered that ESAPI did not properly neutralize special
elements during SQL injection defense. A remote attacker could possibly use
this issue to perform SQL...

Jaroslav Lobačevski discovered that ESAPI incorrectly validated directory
paths during path verification. An attacker could possibly use this issue
to bypass directory validation checks, leading to control-flow bypass. This
issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
and Ubuntu 22.04 LTS. (CVE-2022-23457)

Kevin W. Wall and Sebastian Passaro discovered that ESAPI did not properly
sanitize javascript URLs because of an incorrect regular expression. An
attacker could possibly use this issue to perform a cross-site scripting
attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu
20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-24891)

Longlong Gong discovered that ESAPI did not properly neutralize special
elements during SQL injection defense. A remote attacker could possibly use
this issue to perform SQL injection. (CVE-2025-5878)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
24.04 LTS noble libowasp-esapi-java –  2.4.0.0-2ubuntu0.1
22.04 LTS jammy libowasp-esapi-java –  2.2.3.1-1ubuntu0.1~esm1  
libowasp-esapi-java-doc –  2.2.3.1-1ubuntu0.1~esm1  
20.04 LTS focal libowasp-esapi-java –  2.1.0-3ubuntu0.20.04.1~esm1  
libowasp-esapi-java-doc –  2.1.0-3ubuntu0.20.04.1~esm1  
18.04 LTS bionic libowasp-esapi-java –  2.1.0-3ubuntu0.18.04.1~esm1  
libowasp-esapi-java-doc –  2.1.0-3ubuntu0.18.04.1~esm1  
16.04 LTS xenial libowasp-esapi-java –  2.1.0-2ubuntu0.1~esm1  
libowasp-esapi-java-doc –  2.1.0-2ubuntu0.1~esm1  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›