CVE-2019-10219 (Medium) detected in hibernate-validator-6.0.18.Final.jar #2
Description
CVE-2019-10219 - Medium Severity Vulnerability
Vulnerable Library - hibernate-validator-6.0.18.Final.jar
Hibernate's Bean Validation (JSR-380) reference implementation.
Library home page: http://hibernate.org/validator/
Path to dependency file: /tmp/ws-scm/QRCode-API/pom.xml
Path to vulnerable library: /root/.m2/repository/org/hibernate/validator/hibernate-validator/6.0.18.Final/hibernate-validator-6.0.18.Final.jar
Dependency Hierarchy:
- spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
- spring-boot-starter-validation-2.2.2.RELEASE.jar
- ❌ hibernate-validator-6.0.18.Final.jar (Vulnerable Library)
- spring-boot-starter-validation-2.2.2.RELEASE.jar
Found in HEAD commit: e042483a1101a95fe85abeeacf0ef87f1bae5d5b
Vulnerability Details
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
Publish Date: 2019-11-08
URL: CVE-2019-10219
CVSS 2 Score Details (4.3)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10219
Release Date: 2019-11-08
Fix Resolution: 6.1.0.Final
Step up your Open Source Security Game with WhiteSource here