Hi,

This is a note and warning about a vulnerability in hibernate-validator (CVE-2019-10219). The SafeHtml validator fails to properly sanitize payloads. This could result in an XSS attack [1].
The vulnerability has not been fixed yet, which means that even the newest versions of hibernate-validator are vulnerable and all projects that use it should consider it as a known vulnerability. This is the bug that I've been mentioning for quite some time during SECCOM meetings, as discovered by one of my team members and reported to Red Hat, but I couldn't share any details due to the standard 90-day embargo period. I hope that the bug is going to be fixed soon and a simple upgrade of this library should fix the issue.

Footnotes:
1 - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219

Best regards,
--
Krzysztof Opasiak
Samsung R&D Institute Poland
Samsung Electronics

View/Reply Online (#18753): https://lists.onap.org/g/onap-discuss/message/18753
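An added defence-in-depth example, not part of the message above and not code from ONAP or from hibernate-validator: a small Java helper that does not rely on @SafeHtml at all, sanitizing with a strict allowlist via the OWASP Java HTML Sanitizer and encoding plain-text values at output time. The class name, the allowlist, the sample inputs, and the presence of the org.owasp.html package on the classpath are all assumptions for illustration.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

/**
 * Added example: guarding a rich-text field without depending on @SafeHtml.
 * Assumes the OWASP Java HTML Sanitizer (package org.owasp.html) is available;
 * the allowlist and the sample inputs in main() are constructed for
 * illustration and are not taken from any ONAP project.
 */
public final class RichTextGuard {

    // Strict allowlist: a few formatting elements, no attributes, no links,
    // no script. Everything else is stripped by the sanitizer.
    private static final PolicyFactory POLICY = new HtmlPolicyBuilder()
            .allowElements("b", "i", "em", "strong", "p", "br")
            .toFactory();

    private RichTextGuard() {}

    /** Sanitize-then-store: persist and render this value, never the raw input. */
    public static String sanitize(String untrusted) {
        return POLICY.sanitize(untrusted);
    }

    /**
     * Validate-style check in the spirit of @SafeHtml: accept the input only if
     * the sanitizer leaves it unchanged. Deliberately conservative: harmless
     * normalization (for example "<br>" rewritten as "<br />") is rejected too.
     */
    public static boolean isAlreadySafe(String untrusted) {
        return untrusted.equals(POLICY.sanitize(untrusted));
    }

    /**
     * Output encoding for plain text placed into an HTML body or a quoted
     * attribute. Use this for fields that are not meant to carry markup.
     */
    public static String encodeForHtml(String text) {
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: benign markup, an event-handler attribute,
        // and a script element.
        String[] samples = {
            "<b>status</b>: ok",
            "<p onmouseover=\"steal()\">hover me</p>",
            "<script>alert(document.cookie)</script>",
        };
        for (String s : samples) {
            System.out.println("input     : " + s);
            System.out.println("sanitized : " + sanitize(s));
            System.out.println("unchanged : " + isAlreadySafe(s));
            System.out.println("encoded   : " + encodeForHtml(s));
            System.out.println();
        }
    }
}
```

Whichever sanitizer is chosen, the point is to store and render the sanitized value rather than the raw input: a validator that only accepts or rejects is only as good as its implementation, which is exactly what the advisory above calls into question.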
