Home > Vulnerability Database > CVE-2019-10219

Mend.io Vulnerability Database

CVE-2019-10219

Good to know:

Date: November 8, 2019

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

Language: Java

Severity Score

6.1

Related Resources (30)

Url: https://security.netapp.com/advisory/ntap-20220210-0024

Url: https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf@%3Cnotifications.accumulo.apache.org%3E

Url: https://github.com/hibernate/hibernate-validator

Url: https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c@%3Cpluto-dev.portals.apache.org%3E

Url: https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56ceee

Url: https://access.redhat.com/errata/RHSA-2020:0159

Url: https://www.oracle.com/security-alerts/cpujan2022.html

Url: https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a@%3Cpluto-dev.portals.apache.org%3E

Url: https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d@%3Cnotifications.accumulo.apache.org%3E

Url: https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe

Url: https://access.redhat.com/errata/RHSA-2020:0160

Url: https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E

Url: https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E

Url: https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E

Url: https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6@%3Cnotifications.accumulo.apache.org%3E

Url: https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee

Url: https://access.redhat.com/errata/RHSA-2020:0161

Url: https://access.redhat.com/errata/RHSA-2020:0164

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219

Url: https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E

Url: https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4@%3Cpluto-scm.portals.apache.org%3E

Url: https://access.redhat.com/errata/RHSA-2020:0445

Url: https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E

Url: https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Origin/CVE-2019-10219/exploit

Url: https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-10219

Url: https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E

Url: https://security-tracker.debian.org/tracker/CVE-2019-10219

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-10219

Url: https://security.netapp.com/advisory/ntap-20220210-0024/

Url: https://www.mend.io/vulnerability-database/CVE-2019-10219

Severity Score

6.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version org.hibernate:hibernate-validator:6.1.0.Alpha6;org.hibernate:hibernate-validator:6.0.18.Final;org.hibernate.validator:hibernate-validator:6.0.18.Final;org.hibernate.validator:hibernate-validator:6.1.0.Alpha6

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-10219

Good to know:

Date: November 8, 2019

Language: Java

Severity Score

Related Resources (30)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?