CVE-2019-10219

Summary

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

Affected Software

VendorProductVersion RangeStatus
Hibernatehibernate-validator6.0.0.Alpha1 <= 6.0.17.Finalaffected
Hibernatehibernate-validator6.1.0.Alpha1 <= 6.1.0.Alpha6affected
Hibernatehibernate-validator6.0.18.Final <= 6.0.*unaffected
Hibernatehibernate-validator6.1.0.Final <= *unaffected

Weaknesses

  • CWE-79: CWE-79

ADP Enrichment

CVE Program Container

Additional References

References