Red Hat Hibernate Validator
By the Year
In 2024 there have been 0 vulnerabilities in Red Hat Hibernate Validator . Hibernate Validator did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 5.30 |
| 2019 | 1 | 6.10 |
| 2018 | 1 | 7.00 |
It may take a day or so for new Hibernate Validator vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Hibernate Validator Security Vulnerabilities
A flaw was found in Hibernate Validator version 6.1.2.Final
CVE-2020-10693
5.3 - Medium
- May 06, 2020
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
Improper Input Validation
A vulnerability was found in Hibernate-Validator
CVE-2019-10219
6.1 - Medium
- November 08, 2019
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
XSS
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found
CVE-2017-7536
7 - High
- January 10, 2018
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().
Reflection Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Satellite Capsule or by Red Hat? Click the Watch button to subscribe.
