Known Vulnerabilities for products from Owasp
Listed below are 17 of the newest known vulnerabilities associated with the vendor "Owasp".
These CVEs are retrieved based on exact matches against the listed vendor information (CPE data), supplemented by a keyword search so that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-24891 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-04-27 | 2023-06-23 |
| CVE-2022-23457 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-04-25 | 2023-02-23 |
| CVE-2021-42575 | The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPT... | 9.8 - CRITICAL | 2021-10-18 | 2023-02-24 |
| CVE-2021-35368 | OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body ... | 9.8 - CRITICAL | 2021-11-05 | 2023-11-07 |
| CVE-2021-28490 | In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token. | 8.8 - HIGH | 2021-08-19 | 2021-08-24 |
| CVE-2021-23900 | OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead t... | 7.5 - HIGH | 2021-01-13 | 2021-01-19 |
| CVE-2021-23899 | OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an... | 9.8 - CRITICAL | 2021-01-13 | 2021-01-19 |
| CVE-2020-22669 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-09-02 | 2023-02-16 |
| CVE-2020-13973 | OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another su... | 6.1 - MEDIUM | 2020-06-09 | 2020-06-12 |
| CVE-2019-1020007 | Dependency-Track before 3.5.1 allows XSS. | 5.4 - MEDIUM | 2019-07-29 | 2020-02-13 |
| CVE-2018-16384 | A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 ... | 7.5 - HIGH | 2018-09-03 | 2023-01-30 |
| CVE-2018-12036 | OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory t... | 7.8 - HIGH | 2018-06-07 | 2018-07-27 |
| CVE-2013-5960 | The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) ... | 5.8 - MEDIUM | 2013-09-30 | 2019-02-04 |
| CVE-2013-5679 | The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) ... | 2.6 - LOW | 2013-09-30 | 2016-05-06 |
| CVE-2010-3300 | It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks. | 5.9 - MEDIUM | 2021-06-22 | 2021-06-25 |
| CVE-2007-4385 | OWASP Stinger before 2.5 allows remote attackers to bypass input validation routines by using multipart encoded requests inst... | 6.8 - MEDIUM | 2007-08-17 | 2018-10-15 |
| CVE-2006-3841 | Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 ... | 2.6 - LOW | 2006-07-25 | 2018-10-17 |
Known software with vulnerabilities from Owasp
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Owasp | Dependency-check | 0.2.0 |
| Application | Owasp | Dependency-track | - |
| Application | Owasp | Enterprise Security Api | 2.0 |
| Application | Owasp | Json-sanitizer | 1.0 |