CVE-2019-10219

CWE-79 — Cross-site Scripting (XSS)9 documents8 sources

Severity

6.1MEDIUM

EPSS

1.7%

top 17.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

176

Oracle Essbase Oracle Essbase Administration Services Oracle Goldengate +173 more

Timeline

PublishedNov 8

Latest updateJan 15

Description

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages178 packages

▶NVDredhat/hibernate_validator< 6.0.18+1

▶Mavenorg.hibernate:hibernate-validator6.1.0.Alpha1 — 6.1.0.Alpha6+1

▶Mavenorg.hibernate.validator:hibernate-validator6.1.0.Alpha1 — 6.1.0.Alpha6+1

▶CVEListV5hibernate/hibernate-validator6.0.0.Alpha1 — 6.0.17.Final+1

▶NVDoracle/healthcare_foundation7.3.0.0 — 7.3.0.2+3

🔴Vulnerability Details

OSV

The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks↗2020-01-08

▶

GHSA

The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks↗2020-01-08

▶

CVEList

CVE-2019-10219: A vulnerability was found in Hibernate-Validator↗2019-11-08

▶

OSV

CVE-2019-10219: A vulnerability was found in Hibernate-Validator↗2019-11-08

▶

📋Vendor Advisories

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Web Services (JBoss Enterprise Application Platform) — CVE-2019-10219↗2022-01-15

▶

Red Hat

hibernate-validator: safeHTML validator allows XSS↗2019-08-28

▶

Debian

CVE-2019-10219: libhibernate-validator-java - A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotat...↗2019

▶

💬Community

Bugzilla

CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS↗2019-08-07

▶