OWASP patches path traversal flaw
The flaw, which had a security severity rating of 7.5 out of 10 and involved the ESAPI validator interface, can be resolved by applying the patched 22.214.171.124 release.
Yaniv Balmas, VP of Research at Salt Security, notes that while the vulnerability is a relatively moderate one in terms of ease of exploration and potential impact, it highlights an important point related to web and API security:
“There is no 100% security. It is very easy to write vulnerable code especially when it comes to web and API services – if it happens to OWASP – a world leading authority in the domain of web security, it can definitely happen to any of us. That doesn’t mean the OWASP did anything wrong of course, however if you come to this realization its also obvious that a single security control will never be enough, and as many layers will be added to secure your web services the less chances a vulnerable condition may occur.”