CVE-2019-10219

Source
https://cve.org/CVERecord?id=CVE-2019-10219
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10219.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-10219
Aliases
Downstream
Published
2019-11-08T15:15:11.157Z
Modified
2026-03-03T01:13:03.477405Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

References

Affected packages

Git
github.com/graalvm/graalvm-ce-builds

Affected ranges

Type
GIT
Repo
https://github.com/graalvm/graalvm-ce-builds
Events

Affected versions

vm-19.*
vm-19.3.6
vm-20.*
vm-20.3.1.2
vm-20.3.2
vm-20.3.3
vm-20.3.4
vm-21.*
vm-21.0.0
vm-21.0.0.2
vm-21.1.0
vm-21.2.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10219.json"
github.com/hibernate/hibernate-validator

Affected ranges

Type
GIT
Repo
https://github.com/hibernate/hibernate-validator
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

4.*
4.2.0.Beta1
4.2.0.Beta2
4.2.0.CR1
4.2.0.Final
4.3.0.Alpha1
4.3.0.Beta1
4.3.0.CR1
4.3.0.Final
5.*
5.0.0.Alpha1
5.0.0.Alpha2
5.0.0.Beta1
5.0.0.CR1
5.0.0.CR2
5.0.0.CR3
5.0.0.CR4
5.0.0.CR5
5.0.0.Final
5.0.1.Final
5.1.0.Alpha1
5.1.0.Beta1
5.1.0.CR1
5.1.0.Final
5.1.1.Final
5.2.0.Alpha1
5.2.0.Beta1
5.2.0.CR1
5.2.0.Final
5.2.1.Final
5.2.2.Final
5.3.0.Alpha1
6.*
6.0.0.Alpha1
6.0.0.Alpha2
6.0.0.Beta1
6.0.0.Beta2
6.0.0.CR1
6.0.0.CR2
6.0.0.CR3
6.0.1.Final
6.0.10.Final
6.0.11.Final
6.0.12.Final
6.0.13.Final
6.0.14.Final
6.0.15.Final
6.0.16.Final
6.0.17.Final
6.0.2.Final
6.0.3.Final
6.0.4.Final
6.0.5.Final
6.0.6.Final
6.0.7.Final
6.0.8.Final
6.0.9.Final
6.1.0.Alpha1
6.1.0.Alpha2
6.1.0.Alpha3
6.1.0.Alpha4
6.1.0.Alpha5
6.1.0.Alpha6
Other
pre-validator3-removal

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10219.json"
github.com/mysql/mysql-server

Affected ranges

Type
GIT
Repo
https://github.com/mysql/mysql-server
Events

Affected versions

mysql-5.*
mysql-5.5.48
mysql-5.5.49
mysql-5.5.50
mysql-5.5.51
mysql-5.5.52
mysql-5.5.53
mysql-5.5.54
mysql-5.5.55
mysql-5.5.56
mysql-5.5.57
mysql-5.5.58
mysql-5.5.59
mysql-5.5.60
mysql-5.5.61
mysql-5.5.62
mysql-5.5.63
mysql-5.6.29
mysql-5.6.30
mysql-5.6.31
mysql-5.6.32
mysql-5.6.33
mysql-5.6.34
mysql-5.6.35
mysql-5.6.36
mysql-5.6.37
mysql-5.6.38
mysql-5.6.39
mysql-5.6.40
mysql-5.6.41
mysql-5.6.42
mysql-5.6.43
mysql-5.6.45
mysql-5.6.46
mysql-5.6.47
mysql-5.6.48
mysql-5.6.49
mysql-5.6.50
mysql-5.6.51
mysql-5.7-22-ndb-7.6.6
mysql-5.7.10-2
mysql-5.7.11
mysql-5.7.12
mysql-5.7.13
mysql-5.7.14
mysql-5.7.15
mysql-5.7.16
mysql-5.7.17
mysql-5.7.18
mysql-5.7.19
mysql-5.7.20
mysql-5.7.21
mysql-5.7.22
mysql-5.7.24
mysql-5.7.25
mysql-5.7.26
mysql-5.7.27
mysql-5.7.28
mysql-5.7.29
mysql-5.7.30
mysql-5.7.31
mysql-5.7.32
mysql-5.7.33
mysql-5.7.34
mysql-5.7.35
mysql-5.7.36
mysql-8.*
mysql-8.0.0
mysql-cluster-7.*
mysql-cluster-7.2.23
mysql-cluster-7.2.24
mysql-cluster-7.2.25
mysql-cluster-7.2.26
mysql-cluster-7.2.27
mysql-cluster-7.2.28
mysql-cluster-7.2.29
mysql-cluster-7.2.30
mysql-cluster-7.2.31
mysql-cluster-7.2.32
mysql-cluster-7.2.33
mysql-cluster-7.2.34
mysql-cluster-7.2.35
mysql-cluster-7.2.37
mysql-cluster-7.2.38
mysql-cluster-7.2.39
mysql-cluster-7.2.40
mysql-cluster-7.3
mysql-cluster-7.3.12
mysql-cluster-7.3.13
mysql-cluster-7.3.14
mysql-cluster-7.3.15
mysql-cluster-7.3.16
mysql-cluster-7.3.17
mysql-cluster-7.3.18
mysql-cluster-7.3.19
mysql-cluster-7.3.20
mysql-cluster-7.3.21
mysql-cluster-7.3.22
mysql-cluster-7.3.23
mysql-cluster-7.3.24
mysql-cluster-7.3.25
mysql-cluster-7.3.26
mysql-cluster-7.3.27
mysql-cluster-7.3.28
mysql-cluster-7.3.29
mysql-cluster-7.3.30
mysql-cluster-7.3.31
mysql-cluster-7.3.33
mysql-cluster-7.4.11
mysql-cluster-7.4.12
mysql-cluster-7.4.13
mysql-cluster-7.4.14
mysql-cluster-7.4.15
mysql-cluster-7.4.16
mysql-cluster-7.4.17
mysql-cluster-7.4.18
mysql-cluster-7.4.19
mysql-cluster-7.4.20
mysql-cluster-7.4.21
mysql-cluster-7.4.23
mysql-cluster-7.4.24
mysql-cluster-7.4.25
mysql-cluster-7.4.26
mysql-cluster-7.4.27
mysql-cluster-7.4.28
mysql-cluster-7.4.29
mysql-cluster-7.4.30
mysql-cluster-7.4.32
mysql-cluster-7.4.33
mysql-cluster-7.4.9
mysql-cluster-7.5.0
mysql-cluster-7.5.1
mysql-cluster-7.5.10
mysql-cluster-7.5.11
mysql-cluster-7.5.12
mysql-cluster-7.5.13
mysql-cluster-7.5.14
mysql-cluster-7.5.15
mysql-cluster-7.5.16
mysql-cluster-7.5.17
mysql-cluster-7.5.18
mysql-cluster-7.5.19
mysql-cluster-7.5.2
mysql-cluster-7.5.20
mysql-cluster-7.5.21
mysql-cluster-7.5.23
mysql-cluster-7.5.3
mysql-cluster-7.5.4
mysql-cluster-7.5.5
mysql-cluster-7.5.6
mysql-cluster-7.5.7
mysql-cluster-7.5.8
mysql-cluster-7.5.9
mysql-cluster-7.6.10
mysql-cluster-7.6.11
mysql-cluster-7.6.12
mysql-cluster-7.6.13
mysql-cluster-7.6.14
mysql-cluster-7.6.15
mysql-cluster-7.6.16
mysql-cluster-7.6.17
mysql-cluster-7.6.19
mysql-cluster-7.6.2
mysql-cluster-7.6.3
mysql-cluster-7.6.4
mysql-cluster-7.6.5
mysql-cluster-7.6.6
mysql-cluster-7.6.7
mysql-cluster-7.6.8
mysql-cluster-7.6.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10219.json"