GHSA-m8p2-495h-ccmh

Suggest an improvement
Source
https://github.com/advisories/GHSA-m8p2-495h-ccmh
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/01/GHSA-m8p2-495h-ccmh/GHSA-m8p2-495h-ccmh.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m8p2-495h-ccmh
Aliases
Published
2020-01-08T17:01:52Z
Modified
2024-05-15T05:47:01.869122Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks
Details

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

References

Affected packages

Maven / org.hibernate.validator:hibernate-validator

Package

Name
org.hibernate.validator:hibernate-validator
View open source insights on deps.dev
Purl
pkg:maven/org.hibernate.validator/hibernate-validator

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.1.0.Alpha1
Fixed
6.1.0.Alpha6

Affected versions

6.*

6.1.0.Alpha1
6.1.0.Alpha2
6.1.0.Alpha3
6.1.0.Alpha4
6.1.0.Alpha5