CVE-2019-10219: A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious…

medium6.1CVSS 3.1

AVNACLPRNUIRSCCLILAN

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

Affected

404 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	libhibernate-validator-java	—	—
debian	libhibernate-validator4-java	—	—
hibernate	hibernate-validator	6.0.0.Alpha1 – 6.0.17.Final	—
hibernate	hibernate-validator	6.1.0.Alpha1 – 6.1.0.Alpha6	—
oracle	access_manager	—	—
oracle	access_manager	—	—
oracle	access_manager	—	—
oracle	agile_engineering_data_management	—	—
oracle	agile_plm	—	—
oracle	agile_plm	—	—
oracle	agile_product_lifecycle_analytics	—	—
oracle	agile_product_lifecycle_management_integration_pack	—	—
oracle	airlines_data_model	—	—
oracle	airlines_data_model	—	—
oracle	application_express	—	—
oracle	application_performance_management	—	—
oracle	application_performance_management	—	—
oracle	application_testing_suite	—	—
oracle	argus_analytics	—	—
oracle	argus_analytics	—	—
oracle	argus_analytics	—	—
oracle	argus_analytics	—	—
oracle	argus_insight	—	—
oracle	argus_insight	—	—
oracle	argus_insight	—	—

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

osv6.1MEDIUM