1. Home
  2. Security Advisories
  3. Maven
  4. MAVEN:GHSA-M8P2-495H-CCMH

[MAVEN:GHSA-M8P2-495H-CCMH] The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks

Severity Moderate
Affected Packages 1
Fixed Packages 1
CVEs 1
Info Packages References Vulnerabilities

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

Package Affected Version
pkg:maven/org.hibernate.validator/hibernate-validator < 6.0.18
Package Fixed Version
pkg:maven/org.hibernate.validator/hibernate-validator = 6.0.18
ID
MAVEN:GHSA-M8P2-495H-CCMH
Severity
moderate
URL
https://github.com/advisories/GHSA-m8p2-495h-ccmh
Published
2020-01-08T17:01:52
(4 years ago)
Modified
2023-02-01T05:02:40
(19 months ago)
Rights
Maven Security Team
Source # ID Name URL
https://nvd.nist.gov/vuln/detail/CVE-2019-10219
https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56ceee
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219
https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe
https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6@%3Cnotifications.accumulo.apache.org%3E
https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d@%3Cnotifications.accumulo.apache.org%3E
https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf@%3Cnotifications.accumulo.apache.org%3E
https://access.redhat.com/errata/RHSA-2020:0159
https://access.redhat.com/errata/RHSA-2020:0160
https://access.redhat.com/errata/RHSA-2020:0161
https://access.redhat.com/errata/RHSA-2020:0164
https://access.redhat.com/errata/RHSA-2020:0445
https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4@%3Cpluto-scm.portals.apache.org%3E
https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a@%3Cpluto-dev.portals.apache.org%3E
https://www.oracle.com/security-alerts/cpujan2022.html
https://security.netapp.com/advisory/ntap-20220210-0024/
https://github.com/advisories/GHSA-m8p2-495h-ccmh
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.hibernate.validator/hibernate-validator org.hibernate.validator hibernate-validator < 6.0.18
Fixed pkg:maven/org.hibernate.validator/hibernate-validator org.hibernate.validator hibernate-validator = 6.0.18
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date