CVE-2019-10219: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

January 8, 2020 (updated May 14, 2024)

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

References

github.com/advisories/GHSA-m8p2-495h-ccmh
github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56ceee
github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe
nvd.nist.gov/vuln/detail/CVE-2019-10219

Code Behaviors & Features

Detect and mitigate CVE-2019-10219 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →