Description
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
Published: 2019-11-08
Score: 6.1 Medium
EPSS: 1.7% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.


Advisories
Source | ID | Title
EUVD | EUVD-2020-0269 | The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks
Github GHSA | GHSA-m8p2-495h-ccmh | The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks
References
https://access.redhat.com/errata/RHSA-2020:0159
https://access.redhat.com/errata/RHSA-2020:0160
https://access.redhat.com/errata/RHSA-2020:0161
https://access.redhat.com/errata/RHSA-2020:0164
https://access.redhat.com/errata/RHSA-2020:0445
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219
https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee
https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56ceee
https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe
https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-10219
https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Origin/CVE-2019-10219/exploit
https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E
https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E
https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E
https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E
https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-10219
https://security.netapp.com/advisory/ntap-20220210-0024/
https://www.cve.org/CVERecord?id=CVE-2019-10219
https://www.oracle.com/security-alerts/cpujan2022.html

Subscriptions

Netapp Active Iq Unified Manager Element Management Services For Element Software And Netapp Hci Snapcenter Plug-in
Oracle Access Manager Agile Engineering Data Management Agile Plm Agile Product Lifecycle Analytics Agile Product Lifecycle Management Integration Pack Airlines Data Model Application Express Application Performance Management Application Testing Suite Argus Analytics Argus Insight Argus Safety Banking Apis Banking Deposits And Lines Of Credit Servicing Banking Digital Experience Banking Enterprise Default Management Banking Enterprise Default Managment Banking Loans Servicing Banking Party Management Banking Platform Bi Publisher Big Data Spatial And Graph Business Activity Monitoring Business Intelligence Business Process Management Suite Clinical Commerce Guided Search Commerce Platform Communications Application Session Controller Communications Billing And Revenue Management Communications Billing And Revenue Management Elastic Charging Engine Communications Calendar Server Communications Cloud Native Core Automated Test Suite Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Console Communications Cloud Native Core Network Function Cloud Native Environment Communications Cloud Native Core Network Repository Function Communications Cloud Native Core Policy Communications Cloud Native Core Security Edge Protection Proxy Communications Cloud Native Core Service Communication Proxy Communications Cloud Native Core Unified Data Repository Communications Contacts Server Communications Converged Application Server - Service Controller Communications Convergence Communications Convergent Charging Controller Communications Data Model Communications Design Studio Communications Diameter Signaling Route Communications Eagle Application Processor Communications Instant Messaging Server Communications Interactive Session Recorder Communications Messaging Server Communications Metasolv Solution Communications Network Charging And Control Communications Network Integrity Communications Offline Mediation Controller Communications Operations Monitor Communications Pricing Design Center Communications Service Broker Communications Services Gatekeeper Communications Session Border Controller Communications Unified Inventory Management Communications Webrtc Session Controller Data Integrator Database Server Demantra Demand Management Documaker E-business Suite Enterprise Communications Broker Enterprise Data Quality Enterprise Manager Base Platform Enterprise Manager Ops Center Enterprise Session Border Controller Essbase Essbase Administration Services Financial Services Analytical Applications Infrastructure Financial Services Behavior Detection Platform Financial Services Enterprise Case Management Financial Services Foreign Account Tax Compliance Act Management Financial Services Model Management And Governance Financial Services Trade-based Anti Money Laundering Flexcube Investor Servicing Flexcube Private Banking Fujitsu M10-1 Fujitsu M10-1 Firmware Fujitsu M10-4 Fujitsu M10-4 Firmware Fujitsu M10-4s Fujitsu M10-4s Firmware Fujitsu M12-1 Fujitsu M12-1 Firmware Fujitsu M12-2 Fujitsu M12-2 Firmware Fujitsu M12-2s Fujitsu M12-2s Firmware Fusion Middleware Fusion Middleware Mapviewer Goldengate Goldengate Application Adapters Graalvm Graph Server And Client Health Sciences Clinical Development Analytics Health Sciences Inform Crf Submit Health Sciences Information Manager Healthcare Data Repository Healthcare Foundation Healthcare Translational Research Hospitality Cruise Shipboard Property Management System Hospitality Opera 5 Property Services Hospitality Reporting And Analytics Hospitality Suite8 Http Server Hyperion Financial Management Hyperion Ilearning Hyperion Infrastructure Technology Instantis Enterprisetrack Insurance Data Gateway Insurance Insbridge Rating And Underwriting Insurance Policy Administration Insurance Policy Administration J2ee Insurance Rules Palette Java Se Jd Edwards Enterpriseone Orchestrator Jdk Managed File Transfer Mysql Cluster Mysql Connectors Mysql Server Mysql Workbench Nosql Database Oss Support Tools Peoplesoft Enterprise Cs Sa Integration Pack Peoplesoft Enterprise People Tools Peoplesoft Enterprise Peopletools Policy Automation Primavera Analytics Primavera Data Warehouse Primavera Gateway Primavera P6 Enterprise Project Portfolio Management Primavera P6 Professional Project Management Primavera Portfolio Management Primavera Unifier Rapid Planning Real-time Decision Server Real User Experience Insight Rest Data Services Retail Allocation Retail Analytics Retail Assortment Planning Retail Back Office Retail Central Office Retail Customer Insights Retail Customer Management And Segmentation Foundation Retail Eftlink Retail Extract Transform And Load Retail Financial Integration Retail Fiscal Management Retail Integration Bus Retail Invoice Matching Retail Merchandising System Retail Order Broker Retail Order Management System Retail Point-of-sale Retail Predictive Application Server Retail Price Management Retail Returns Management Retail Service Backbone Retail Size Profile Optimization Retail Xstore Point Of Service Sd-wan Aware Sd-wan Edge Secure Backup Siebel Applications Solaris Spatial Studio Thesaurus Management System Timesten In-memory Database Utilities Framework Utilities Testing Accelerator Vm Virtualbox Webcenter Portal Weblogic Server Zfs Storage Appliance Kit Zfs Storage Application Integration Engineering Software
Redhat Enterprise Linux Fuse Hibernate Validator Jboss Data Grid Jboss Enterprise Application Platform Jboss Fuse Jboss Single Sign On Openshift Application Runtimes Satellite Satellite Capsule Single Sign-on
MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-07-07T13:55:51.360Z

Reserved: 2019-03-27T00:00:00.000Z

Link: CVE-2019-10219

Vulnrichment

No data.

NVD

Status: Modified

Published: 2019-11-08T15:15:11.157

Modified: 2025-07-07T14:15:21.437

Link: CVE-2019-10219

Redhat

Severity: Moderate

Public Date: 2019-08-28T00:00:00Z

Links: CVE-2019-10219 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses