{"containers":{"cna":{"affected":[{"product":"hibernate-validator","vendor":"Hibernate","collectionURL":"https://hibernate.org/validator/","defaultStatus":"unknown","versions":[{"status":"affected","version":"6.0.0.Alpha1","lessThanOrEqual":"6.0.17.Final","versionType":"semver"},{"status":"affected","version":"6.1.0.Alpha1","lessThanOrEqual":"6.1.0.Alpha6","versionType":"semver"},{"status":"unaffected","version":"6.0.18.Final","lessThanOrEqual":"6.0.*","versionType":"semver"},{"status":"unaffected","version":"6.1.0.Final","lessThanOrEqual":"*","versionType":"semver"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","version":"3.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-79","description":"CWE-79","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2025-07-07T13:55:51.360Z"},"references":[{"name":"[accumulo-notifications] 20200108 [GitHub] [accumulo] milleruntime opened a new pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E"},{"name":"[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime closed pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E"},{"name":"[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime commented on issue #1469: Update hibernate-validator. Fixes CVE-2019-10219","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E"},{"name":"RHSA-2020:0164","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2020:0164"},{"name":"RHSA-2020:0159","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2020:0159"},{"name":"RHSA-2020:0160","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2020:0160"},{"name":"RHSA-2020:0161","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2020:0161"},{"name":"RHSA-2020:0445","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2020:0445"},{"name":"[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E"},{"name":"[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E"},{"name":"[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-791 Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"name":"Upstream fix commit","tags":["patch"],"url":"https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe"},{"name":"Upstream fix commit","tags":["patch"],"url":"https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee"},{"name":"Proof of Concept","tags":["exploit"],"url":"https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-10219"},{"name":"Proof of Concept","tags":["exploit"],"url":"https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Origin/CVE-2019-10219/exploit"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20220210-0024/"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secalert@redhat.com","ID":"CVE-2019-10219","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"hibernate-validator","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"Hibernate"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack."}]},"impact":{"cvss":[[{"vectorString":"6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","version":"3.0"}]]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-79"}]}]},"references":{"reference_data":[{"name":"[accumulo-notifications] 20200108 [GitHub] [accumulo] milleruntime opened a new pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf@%3Cnotifications.accumulo.apache.org%3E"},{"name":"[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime closed pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6@%3Cnotifications.accumulo.apache.org%3E"},{"name":"[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime commented on issue #1469: Update hibernate-validator. Fixes CVE-2019-10219","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d@%3Cnotifications.accumulo.apache.org%3E"},{"name":"RHSA-2020:0164","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2020:0164"},{"name":"RHSA-2020:0159","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2020:0159"},{"name":"RHSA-2020:0160","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2020:0160"},{"name":"RHSA-2020:0161","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2020:0161"},{"name":"RHSA-2020:0445","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2020:0445"},{"name":"[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a@%3Cpluto-dev.portals.apache.org%3E"},{"name":"[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c@%3Cpluto-dev.portals.apache.org%3E"},{"name":"[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-791 Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4@%3Cpluto-scm.portals.apache.org%3E"},{"name":"https://www.oracle.com/security-alerts/cpujan2022.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219","refsource":"CONFIRM","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219"},{"name":"https://security.netapp.com/advisory/ntap-20220210-0024/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20220210-0024/"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-07-02T11:46:38.457Z"},"references":[{"url":"https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56ceee"},{"url":"https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe"},{"url":"https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-10219"},{"url":"https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Origin/CVE-2019-10219/exploit"},{"name":"[accumulo-notifications] 20200108 [GitHub] [accumulo] milleruntime opened a new pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E"},{"name":"[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime closed pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E"},{"name":"[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime commented on issue #1469: Update hibernate-validator. Fixes CVE-2019-10219","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E"},{"name":"RHSA-2020:0164","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2020:0164"},{"name":"RHSA-2020:0159","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2020:0159"},{"name":"RHSA-2020:0160","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2020:0160"},{"name":"RHSA-2020:0161","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2020:0161"},{"name":"RHSA-2020:0445","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2020:0445"},{"name":"[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E"},{"name":"[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E"},{"name":"[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-791 Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20220210-0024/"}],"title":"CVE Program Container","x_generator":{"engine":"ADPogram 0.0.1"}}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2019-10219","datePublished":"2019-11-08T14:46:03.000Z","dateReserved":"2019-03-27T00:00:00.000Z","dateUpdated":"2025-07-07T13:55:51.360Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}