CVE-2023-1932
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-1932
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1932.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-1932
- Aliases
- Downstream
- Published
- 2024-11-07T10:15:04Z
- Modified
- 2025-10-21T12:57:35.641295Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.
- References
Affected packages
Git / github.com/hibernate/hibernate-validator
Affected ranges
- Type
- GIT
- Repo
- https://github.com/hibernate/hibernate-validator
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
4.*
4.2.0.Beta1
4.2.0.Beta2
4.2.0.CR1
4.2.0.Final
4.3.0.Alpha1
4.3.0.Beta1
4.3.0.CR1
4.3.0.Final
5.*
5.0.0.Alpha1
5.0.0.Alpha2
5.0.0.Beta1
5.0.0.CR1
5.0.0.CR2
5.0.0.CR3
5.0.0.CR4
5.0.0.CR5
5.0.0.Final
5.0.1.Final
5.1.0.Alpha1
5.1.0.Beta1
5.1.0.CR1
5.1.0.Final
5.1.1.Final
5.2.0.Alpha1
5.2.0.Beta1
5.2.0.CR1
5.2.0.Final
5.2.1.Final
5.2.2.Final
5.3.0.Alpha1
6.*
6.0.0.Alpha1
6.0.0.Alpha2
6.0.0.Beta1
6.0.0.Beta2
6.0.0.CR1
6.0.0.CR2
6.0.0.CR3
6.0.1.Final
6.0.2.Final
6.0.3.Final
6.0.4.Final
6.0.5.Final
6.0.6.Final
6.0.7.Final
6.0.8.Final
6.0.9.Final
6.1.0.Alpha1
6.1.0.Alpha2
6.1.0.Alpha3
6.1.0.Alpha4
6.1.0.Alpha5
6.1.0.Alpha6
6.1.0.Final
6.1.1.Final
6.1.2.Final
6.1.3.Final
6.1.4.Final
6.1.5.Final
6.1.6.Final
6.2.0.CR1
Other
pre-validator3-removal