GHSA-x83m-pf6f-pf9g
Suggest an improvement- Source
- https://github.com/advisories/GHSA-x83m-pf6f-pf9g
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-x83m-pf6f-pf9g/GHSA-x83m-pf6f-pf9g.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-x83m-pf6f-pf9g
- Aliases
- Published
- 2024-11-07T12:30:34Z
- Modified
- 2025-09-12T19:07:09.124119Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator
- Summary
- hibernate-validator Cross-site Scripting vulnerability
- Details
-
A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.
- Database specific
{ "nvd_published_at": "2024-11-07T10:15:04Z", "cwe_ids": [ "CWE-79" ], "github_reviewed": true, "severity": "MODERATE", "github_reviewed_at": "2024-11-07T18:00:00Z" }- References
Affected packages
Maven / org.hibernate.validator:hibernate-validator
Package
- Name
- org.hibernate.validator:hibernate-validator
- View open source insights on deps.dev
- Purl
- pkg:maven/org.hibernate.validator/hibernate-validator
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.2.0.Final
Affected versions
6.*
6.0.0.Alpha1
6.0.0.Alpha2
6.0.0.Beta1
6.0.0.Beta2
6.0.0.CR1
6.0.0.CR2
6.0.0.CR3
6.0.0.Final
6.0.1.Final
6.0.2.Final
6.0.3.Final
6.0.4.Final
6.0.5.Final
6.0.6.Final
6.0.7.Final
6.0.8.Final
6.0.9.Final
6.0.10.Final
6.0.11.Final
6.0.12.Final
6.0.13.Final
6.0.14.Final
6.0.15.Final
6.0.16.Final
6.0.17.Final
6.0.18.Final
6.0.19.Final
6.0.20.Final
6.0.21.Final
6.0.22.Final
6.0.23.Final
6.1.0.Alpha1
6.1.0.Alpha2
6.1.0.Alpha3
6.1.0.Alpha4
6.1.0.Alpha5
6.1.0.Alpha6
6.1.0.Final
6.1.1.Final
6.1.2.Final
6.1.3.Final
6.1.4.Final
6.1.5.Final
6.1.6.Final
6.1.7.Final
6.2.0.CR1
Maven / org.hibernate:hibernate-validator
Package
- Name
- org.hibernate:hibernate-validator
- View open source insights on deps.dev
- Purl
- pkg:maven/org.hibernate/hibernate-validator
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.2.0.Final
Affected versions
3.*
3.0.0.GA
3.0.0.ga
3.1.0.CR1
3.1.0.CR2
3.1.0.GA
4.*
4.0.0.Alpha1
4.0.0.Alpha2
4.0.0.Alpha3
4.0.0.Beta1
4.0.0.Beta2
4.0.0.Beta3
4.0.0.CR1
4.0.0.GA
4.0.1.GA
4.0.2.GA
4.1.0.Beta1
4.1.0.Beta2
4.1.0.CR1
4.1.0.Final
4.2.0.Beta1
4.2.0.Beta2
4.2.0.CR1
4.2.0.Final
4.3.0.Alpha1
4.3.0.Beta1
4.3.0.CR1
4.3.0.Final
4.3.1.Final
4.3.2.Final
5.*
5.0.0.Alpha1
5.0.0.Alpha2
5.0.0.Beta1
5.0.0.CR1
5.0.0.CR2
5.0.0.CR3
5.0.0.CR4
5.0.0.CR5
5.0.0.Final
5.0.1.Final
5.0.2.Final
5.0.3.Final
5.1.0.Alpha1
5.1.0.Beta1
5.1.0.CR1
5.1.0.Final
5.1.1.Final
5.1.2.Final
5.1.3.Final
5.2.0.Alpha1
5.2.0.Beta1
5.2.0.CR1
5.2.0.Final
5.2.1.Final
5.2.2.Final
5.2.3.Final
5.2.4.Final
5.2.5.Final
5.3.0.Alpha1
5.3.0.CR1
5.3.0.Final
5.3.1.Final
5.3.2.Final
5.3.3.Final
5.3.4.Final
5.3.5.Final
5.3.6.Final
5.4.0.Beta1
5.4.0.CR1
5.4.0.Final
5.4.1.Final
5.4.2.Final
5.4.3.Final
6.*
6.0.0.Alpha1
6.0.0.Alpha2
6.0.0.Beta1
6.0.0.Beta2
6.0.0.CR1
6.0.0.CR2
6.0.0.CR3
6.0.0.Final
6.0.1.Final
6.0.2.Final
6.0.3.Final
6.0.4.Final
6.0.5.Final
6.0.6.Final
6.0.7.Final
6.0.8.Final
6.0.9.Final
6.0.10.Final
6.0.11.Final
6.0.12.Final
6.0.13.Final
6.0.14.Final
6.0.15.Final
6.0.16.Final
6.0.17.Final
6.0.18.Final
6.0.19.Final
6.0.20.Final
6.0.21.Final
6.0.22.Final
6.0.23.Final
6.1.0.Alpha1
6.1.0.Alpha2
6.1.0.Alpha3
6.1.0.Alpha4
6.1.0.Alpha5
6.1.0.Alpha6
6.1.0.Final
6.1.1.Final
6.1.2.Final
6.1.3.Final
6.1.4.Final
6.1.5.Final
6.1.6.Final
6.1.7.Final
6.2.0.CR1