A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.
Metrics
Affected Vendors & Products
References
History
Sat, 23 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-1286 |
Thu, 07 Nov 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
Metrics |
ssvc
|
Thu, 07 Nov 2024 10:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | hibernate-validator: rendering of invalid html with SafeHTML leads to HTML injection and XSS | Hibernate-validator: rendering of invalid html with safehtml leads to html injection and xss |
First Time appeared |
Redhat
Redhat a Mq Clients Redhat amq Broker Redhat amq Online Redhat amq Streams Redhat cryostat Redhat jboss Data Grid Redhat jboss Data Virtualization Redhat jboss Developer Studio Redhat jboss Enterprise Application Platform Redhat jboss Enterprise Application Platform Cd Redhat jboss Enterprise Bpms Platform Redhat jboss Enterprise Brms Platform Redhat jboss Enterprise Soa Platform Redhat jboss Fuse Redhat jboss Fuse Service Works Redhat jboss Operations Network Redhat openshift Application Runtimes Redhat openstack Redhat red Hat Single Sign On Redhat satellite |
|
CPEs | cpe:/a:redhat:a_mq_clients:2 cpe:/a:redhat:amq_broker:7 cpe:/a:redhat:amq_online:1 cpe:/a:redhat:amq_streams:1 cpe:/a:redhat:cryostat:2 cpe:/a:redhat:jboss_data_grid:7 cpe:/a:redhat:jboss_data_grid:8 cpe:/a:redhat:jboss_data_virtualization:6 cpe:/a:redhat:jboss_developer_studio:12. cpe:/a:redhat:jboss_enterprise_application_platform:5 cpe:/a:redhat:jboss_enterprise_application_platform:6 cpe:/a:redhat:jboss_enterprise_application_platform:7 cpe:/a:redhat:jboss_enterprise_application_platform_cd cpe:/a:redhat:jboss_enterprise_bpms_platform:6 cpe:/a:redhat:jboss_enterprise_bpms_platform:7 cpe:/a:redhat:jboss_enterprise_brms_platform:5 cpe:/a:redhat:jboss_enterprise_brms_platform:7 cpe:/a:redhat:jboss_enterprise_soa_platform:5 cpe:/a:redhat:jboss_fuse:6 cpe:/a:redhat:jboss_fuse:7 cpe:/a:redhat:jboss_fuse_service_works:6 cpe:/a:redhat:jboss_operations_network:3 cpe:/a:redhat:openshift_application_runtimes:1.0 cpe:/a:redhat:openstack:10 cpe:/a:redhat:openstack:13 cpe:/a:redhat:red_hat_single_sign_on:7 cpe:/a:redhat:satellite:6 |
|
Vendors & Products |
Redhat
Redhat a Mq Clients Redhat amq Broker Redhat amq Online Redhat amq Streams Redhat cryostat Redhat jboss Data Grid Redhat jboss Data Virtualization Redhat jboss Developer Studio Redhat jboss Enterprise Application Platform Redhat jboss Enterprise Application Platform Cd Redhat jboss Enterprise Bpms Platform Redhat jboss Enterprise Brms Platform Redhat jboss Enterprise Soa Platform Redhat jboss Fuse Redhat jboss Fuse Service Works Redhat jboss Operations Network Redhat openshift Application Runtimes Redhat openstack Redhat red Hat Single Sign On Redhat satellite |
|
References |
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-11-07T10:00:51.745Z
Updated: 2024-11-07T14:09:26.936Z
Reserved: 2023-04-06T20:10:01.569Z
Link: CVE-2023-1932
Vulnrichment
Updated: 2024-11-07T14:09:22.459Z
NVD
Status : Awaiting Analysis
Published: 2024-11-07T10:15:04.507
Modified: 2024-11-08T19:01:03.880
Link: CVE-2023-1932
Redhat