org.hibernate.validator:hibernate-validator
Maven | 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.hibernate.validator:hibernate-validator
- CVE-2019-10219 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 6.0.18.Final | 2019-11-08
vulnerable: 6.0.0.Alpha1 ... 6.0.9.Final (25 versions)
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS att…
- CVE-2020-10693 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 6.0.20.Final | 2020-05-06
vulnerable: 6.0.0.Alpha1 ... 6.0.9.Final (27 versions)
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping…
- CVE-2023-1932 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 6.2.0.Final | 2024-11-07
vulnerable: 6.0.0.Alpha1 ... 6.2.0.CR1 (46 versions)
A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may ren…