Description
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
libhibernate-validator-java | unfixed | | | package |
libhibernate-validator-java | ignored | | trixie | package |
libhibernate-validator-java | ignored | | bookworm | package |
libhibernate-validator-java | no-dsa | | bullseye | package |
libhibernate-validator-java | not-affected | | buster | package |
libhibernate-validator-java | not-affected | | stretch | package |
libhibernate-validator-java | not-affected | | jessie | package |
libhibernate-validator4-java | not-affected | | | package |
Notes
https://bugzilla.redhat.com/show_bug.cgi?id=1738673
https://hibernate.atlassian.net/browse/HV-1739
Fixed by https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56ceee
Related vulnerabilities
The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks
A vulnerability in the SafeHtml validator of the Hibernate Validator library that allows an attacker to conduct cross-site scripting attacks