Validator.isValidSafeHTML() is vulnerable as per CVE-2023-4780

[Adwait-Joshi94]

Hi Team,

Our organization has filed security finding in our application because of usagae of ESAPI open source library in our application. Based on investigation, finding is filed because of CVE-2023-4780, presence of method Validator.isValidSafeHTML(). As per GHSA-r68h-jhhj-9jvm , this method will be deleted in next one year. We would like to know in which release this method will be deleted and if there is any short term remediation through which we can resolve this finding?

Thanks,
Adwait Joshi

[jeremiahjstacey]

https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin12.pdf

Security Bulletin should provide information being requested.