Red Hat Hibernate Validator 5.3.5

CPE Details

Red Hat Hibernate Validator 5.3.5
redhat
hibernate_validator
5.3.5
2018-08-01
14h12 +00:00
2018-08-01
14h12 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:redhat:hibernate_validator:5.3.5:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

hibernate_validator

Version

5.3.5

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2020-10693 2020-05-06 11h03 +00:00 A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
5.3
Moyen
CVE-2019-10219 2019-11-08 13h46 +00:00 A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
6.1
Moyen
CVE-2017-7536 2018-01-10 15h00 +00:00 In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().
7
Haute