{"vulnerability": "CVE-2022-23457", "sightings": [{"uuid": "694983f4-7931-4e53-857d-03a1c64c11d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23457", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwpcborrcq2c", "content": "", "creation_timestamp": "2025-08-18T21:02:44.889084Z"}, {"uuid": "4970caca-2682-423a-8427-d50c35150093", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23457", "type": "seen", "source": "https://t.me/cibsecurity/41416", "content": "\u203c CVE-2022-23457 \u203c\n\nESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the 'input' path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one's own implementation of the Validator interface. However, maintainers do not recommend this.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-26T00:36:24.000000Z"}]}