mend-for-github-com[bot]
commented
1 year ago :information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.
CVE-2019-10219 - Medium Severity Vulnerability
Hibernate's Bean Validation (JSR-380) reference implementation.
Library home page: http://hibernate.org/validator
Path to dependency file: /commons/pac-api-commons/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/hibernate/validator/hibernate-validator/6.0.11.Final/hibernate-validator-6.0.11.Final.jar,/home/wss-scanner/.m2/repository/org/hibernate/validator/hibernate-validator/6.0.11.Final/hibernate-validator-6.0.11.Final.jar
Dependency Hierarchy: - spring-boot-starter-web-2.0.4.RELEASE.jar (Root Library) - :x: **hibernate-validator-6.0.11.Final.jar** (Vulnerable Library)
Found in HEAD commit: acf9a0620c1a37cee4f2896d71e1c3731c5c7b06
Found in base branch: master
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
Publish Date: 2019-11-08
URL: CVE-2019-10219
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10219
Release Date: 2019-11-08
Fix Resolution (org.hibernate.validator:hibernate-validator): 6.0.18.Final
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.1.10.RELEASE