Redhat Hibernate Validator vulnerabilities

5 known vulnerabilities affecting redhat/hibernate_validator.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 4

Vulnerabilities

CVE-2025-35036 [MEDIUM] CVSS 6.9; fixed in 6.2.0; published 2025-06-03
Description: Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as of 6.2.0 and 7.0.0 no longer interpolates custom constraint vi
Source: nvd
CVE-2020-10693 [MEDIUM] CWE-20; CVSS 5.3; affected: ≥ 5.0.0, < 6.0.20; ≥ 6.1.2, < 6.1.5; +1 more; published 2020-05-06
Description: A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
Source: nvd
CVE-2019-10219 [MEDIUM] CWE-79; CVSS 6.1; fixed in 6.0.18, 6.1.0; published 2019-11-08
Description: A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
Source: nvd
CVE-2017-7536 [HIGH] CWE-592; CVSS 7.0; affected: ≥ 5.2.0, < 5.2.5; ≥ 5.3.0, < 5.3.6; +1 more; published 2018-01-10
Description: In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permi
Source: nvd
CVE-2014-3558 [MEDIUM] CWE-264; CVSS 5.0; affected: ≥ 4.3.0, < 4.3.2; ≥ 5.0.0, ≤ 5.0.3; +3 more; published 2014-09-30
Description: ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.
Source: nvd