← volver
CVE-2019-10219

CVE-2019-10219

CVSS 6.5 MEDIUMEPSS 2.2%CWE-79
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.5EPSS 2.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
08 nov 2019Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Productos afectados
Hibernate · hibernate-validator

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/errata/RHSA-2020:0159https://access.redhat.com/errata/RHSA-2020:0160https://access.redhat.com/errata/RHSA-2020:0161https://access.redhat.com/errata/RHSA-2020:0164https://access.redhat.com/errata/RHSA-2020:0445https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56ceehttps://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56ceeehttps://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fehttps://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-10219https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Origin/CVE-2019-10219/exploithttps://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E