CVE-2019-10219
The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks
6.5 MEDIUM (CVSS 3.1) | EPSS 1.7%
Description
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
How to fix CVE-2019-10219
To remediate CVE-2019-10219, upgrade the affected package to one of the fixed versions listed below.
- —no fix listed
- —upgrade to 6.1.0.Alpha6 or later
- —upgrade to 6.1.0.Alpha6 or later
Is CVE-2019-10219 being exploited?
Low — EPSS is 1.7%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0
- >= 6.1.0.Alpha1, < 6.1.0.Alpha6
- >= 6.1.0.Alpha1, < 6.1.0.Alpha6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |