You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/hibernate/validator/hibernate-validator/6.0.14.Final/hibernate-validator-6.0.14.Final.jar
A vulnerability was found in hibernate-validator version 6.1.2.Final, where the method 'isValid' in the class org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator can by bypassed by omitting the tag end (less than sign). Browsers typically still render the invalid html which leads to attacks like HTML injection and Cross-Site-Scripting.
CVE-2023-1932 - Medium Severity Vulnerability
Vulnerable Library - hibernate-validator-6.0.14.Final.jar
Hibernate's Bean Validation (JSR-380) reference implementation.
Library home page: http://hibernate.org/validator
Path to dependency file: /src/user-java/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/hibernate/validator/hibernate-validator/6.0.14.Final/hibernate-validator-6.0.14.Final.jar
Dependency Hierarchy:
Found in HEAD commit: fbc3a9665f7473faa96484a3fa9b058ad82d7e60
Found in base branch: master
Vulnerability Details
A vulnerability was found in hibernate-validator version 6.1.2.Final, where the method 'isValid' in the class org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator can by bypassed by omitting the tag end (less than sign). Browsers typically still render the invalid html which leads to attacks like HTML injection and Cross-Site-Scripting.
Publish Date: 2023-04-07
URL: CVE-2023-1932
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1809444
Release Date: 2023-04-07
Fix Resolution (org.hibernate.validator:hibernate-validator): 6.2.0.CR1
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.3.0.RELEASE
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: