OESA-2021-1138

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1138
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2021-1138.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2021-1138
Upstream
Published
2021-04-07T11:02:48Z
Modified
2025-08-12T05:04:53.171574Z
Summary
hibernate-validator security update
Details

This is the reference implementation of JSR-349 - Bean Validation 1.1. Bean Validation defines a meta-data model and API for JavaBean as well as method validation. The default meta-data source are annotations, with the ability to override and extend the meta-data through the use of XML validation descriptors.

Security Fix(es):

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.(CVE-2020-10693)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / hibernate-validator

Package

Name
hibernate-validator
Purl
pkg:rpm/openEuler/hibernate-validator&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.2.4-3.oe1

Ecosystem specific

{
    "src": [
        "hibernate-validator-5.2.4-3.oe1.src.rpm"
    ],
    "noarch": [
        "hibernate-validator-annotation-processor-5.2.4-3.oe1.noarch.rpm",
        "hibernate-validator-cdi-5.2.4-3.oe1.noarch.rpm",
        "hibernate-validator-performance-5.2.4-3.oe1.noarch.rpm",
        "hibernate-validator-5.2.4-3.oe1.noarch.rpm",
        "hibernate-validator-parent-5.2.4-3.oe1.noarch.rpm",
        "hibernate-validator-javadoc-5.2.4-3.oe1.noarch.rpm",
        "hibernate-validator-test-utils-5.2.4-3.oe1.noarch.rpm"
    ]
}