Validator.isValidSafeHTML() is vulnerable as per CVE-2023-4780 #836
Adwait-Joshi94
started this conversation in
General
Replies: 1 comment
-
|
https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin12.pdf Security Bulletin should provide information being requested. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi Team,
Our organization has filed security finding in our application because of usagae of ESAPI open source library in our application. Based on investigation, finding is filed because of CVE-2023-4780, presence of method Validator.isValidSafeHTML(). As per GHSA-r68h-jhhj-9jvm , this method will be deleted in next one year. We would like to know in which release this method will be deleted and if there is any short term remediation through which we can resolve this finding?
Thanks,
Adwait Joshi
Beta Was this translation helpful? Give feedback.
All reactions