CVE assigned for vulnerability in hibernate-validator
This is a note and warning about a vulnerability in hibernate-validator
(CVE-2019-10219). The @SafeHtml validator does not properly sanitize the
input it checks, so a payload that it accepts can still carry an XSS attack.
The vulnerability has not been fixed yet, which means that even the
newest versions of hibernate-validator are vulnerable, and all projects
that use it should treat it as a known vulnerability.
This is the bug that I've been mentioning for quite some time during
SECCOM meetings. It was discovered by one of my team members and reported to
Red Hat, but I couldn't share any details due to the standard 90-day embargo period.
I hope that the bug is going to be fixed soon, so that a simple upgrade of
this library fixes the issue.
1 - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219
Samsung R&D Institute Poland
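As an added example (not part of the note above, and not hibernate-validator's own code), the following Java class shows what "treat it as a known vulnerability" means in practice for a project that has to keep the library in place until a fixed release ships: @SafeHtml is still applied at input time, but the application no longer relies on it as its only control and sanitizes the stored body again at render time by calling jsoup directly, with the same whitelist. It assumes Bean Validation 2.0 (javax.validation), hibernate-validator 6.0.x and the jsoup 1.11 line that hibernate-validator pulls in for @SafeHtml; the Comment bean, the renderComment method and the sample input are constructed for this example.

```java
import java.util.Set;

import javax.validation.ConstraintViolation;
import javax.validation.Validation;
import javax.validation.Validator;

import org.hibernate.validator.constraints.SafeHtml;
import org.jsoup.Jsoup;
import org.jsoup.safety.Whitelist;

public class CommentRendering {

    // Constructed bean carrying the constraint the advisory is about.
    // BASIC allows simple formatting tags (b, i, a, p, ...) and nothing else.
    public static class Comment {
        @SafeHtml(whitelistType = SafeHtml.WhiteListType.BASIC)
        private final String body;

        public Comment(String body) {
            this.body = body;
        }

        public String getBody() {
            return body;
        }
    }

    private static final Validator VALIDATOR =
            Validation.buildDefaultValidatorFactory().getValidator();

    // Input-side check: reject submissions that @SafeHtml flags. Because of
    // CVE-2019-10219 an empty violation set does not prove the body is safe,
    // so this result must not be the last line of defence.
    public static boolean passesSafeHtml(String body) {
        Set<ConstraintViolation<Comment>> violations =
                VALIDATOR.validate(new Comment(body));
        return violations.isEmpty();
    }

    // Output-side sanitization: run the body through jsoup's cleaner with the
    // same policy before it is written into the page. Anything the validator
    // let through that the whitelist does not allow is stripped here, whether
    // or not the installed hibernate-validator is fixed.
    public static String sanitizeForOutput(String body) {
        return Jsoup.clean(body, Whitelist.basic());
    }

    // Rendering path used by the view layer: validate, then sanitize again.
    public static String renderComment(String body) {
        if (!passesSafeHtml(body)) {
            throw new IllegalArgumentException("comment rejected by @SafeHtml");
        }
        return "<div class=\"comment\">" + sanitizeForOutput(body) + "</div>";
    }

    public static void main(String[] args) {
        // Constructed sample input: formatting the BASIC whitelist allows.
        System.out.println(renderComment("<b>hello</b> <i>world</i>"));
    }
}
```

The design point is that the second sanitization step is cheap and does not depend on the validator's correctness: once a fixed hibernate-validator is installed the output cleaning becomes redundant but harmless, and until then it neutralizes any payload that slipped past @SafeHtml into storage. Projects that do not need user-supplied markup at all should HTML-encode the body at output instead of cleaning it.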