Bug 1738673 (CVE-2019-10219)
| Field | Value |
|---|---|
| Summary | CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS |
| Product | [Other] Security Response |
| Reporter | Laura Pardo <lpardo> |
| Component | vulnerability |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| CC | aileenc, akoufoud, alazarot, almorale, anstephe, apo, asoldano, avibelli, bbaranow, bbuckingham, bcourt, bgeorges, bkearney, bmaxwell, brian.stansberry, btotty, cbyrne, cdewolf, chazlett, cmacedo, cmoulliard, darran.lofthouse, dbecker, dffrench, dkreling, dosoudil, drieden, drusso, etirelli, extras-orphan, ggaughan, gsmet, gvarsami, hhudgeon, ibek, ikanello, iweiss, janstey, java-sig-commits, jawilson, jbalunas, jcoleman, jjoyce, jmadigan, jochrist, jolee, jpallich, jperkins, jschatte, jschluet, jshepherd, jstastny, jwon, kbasil, kconner, krathod, kverlaen, kwills, ldimaggi, lef, lgao, lhh, loleary, lpeer, lthon, lzap, mburns, mhulan, mkolesni, mmccune, mnovotny, msochure, msvehla, mszynkie, ngough, nwallace, paradhya, pdrozd, pgallagh, pjindal, pmackay, psotirop, puntogil, pwright, rchan, rfreire, rguimara, rjerrido, rrajasek, rruss, rsvoboda, rsynek, rwagner, sclewis, scohen, sdaley, security-response-team, slinaber, smaestri, spinder, sthorger, tcunning, theute, tkirby, tom.jenkinson, trepel, twalsh, vhalbert |
| Target Milestone | --- |
| Target Release | --- |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| Fixed In Version | hibernate-validator 6.0.18.Final, hibernate-validator 6.1.0.Final |
| Doc Type | If docs needed, set a value |
| Doc Text | A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. |
| Story Points | --- |
| Last Closed | 2020-01-21 08:09:36 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| Category | --- |
| oVirt Team | --- |
| Cloudforms Team | --- |
| Bug Depends On | 1745487 |
| Bug Blocks | 1713386 |
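The Doc Text describes a validator that checks HTML for safety but never accounts for comment and processing-instruction nodes. The following Python is an added example written for this page, not Hibernate Validator's SafeHtml implementation and not the reporter's payloads: it shows an "is this HTML safe?" check that allowlists element names but ignores comment and PI nodes, beside a hardened check that treats those nodes as untrusted. The allowlist, function names and probe strings are all constructed for the illustration.

```python
# Added example for this page: illustrates the failure class named in the
# Doc Text, an HTML "is this safe?" check that allowlists element names but
# never looks at comment or processing-instruction nodes, beside a hardened
# check that rejects such nodes. Constructed demonstration code, not Hibernate
# Validator's SafeHtml implementation; the probes are constructed strings.
from html.parser import HTMLParser

# Constructed allowlist of harmless formatting elements.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "ul", "ol", "li"}


class _NodeCollector(HTMLParser):
    """Record every node type the parser reports, not only element tags."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []      # start tags, e.g. "b", "script"
        self.comments = []  # <!-- ... --> bodies
        self.pis = []       # <? ... > bodies (processing instructions)
        self.decls = []     # <!DOCTYPE ...>, <![CDATA[ ... ]]> and similar

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_startendtag(self, tag, attrs):
        self.tags.append(tag)

    def handle_comment(self, data):
        self.comments.append(data)

    def handle_pi(self, data):
        self.pis.append(data)

    def handle_decl(self, decl):
        self.decls.append(decl)

    def unknown_decl(self, data):
        self.decls.append(data)


def _parse(fragment):
    collector = _NodeCollector()
    collector.feed(fragment)
    collector.close()
    return collector


def is_safe_html_naive(fragment):
    """Vulnerable pattern: only element names are compared with the allowlist.
    Comment, PI and declaration nodes are never inspected, so a payload
    carried in one of them is accepted and passed downstream unchanged.
    (Attribute checks are omitted; the point here is the node types.)"""
    nodes = _parse(fragment)
    return all(tag in ALLOWED_TAGS for tag in nodes.tags)


def is_safe_html_strict(fragment):
    """Hardened pattern: accept only if every element is allowlisted AND the
    fragment contains no comment, PI or declaration nodes. Such nodes carry
    no value in user-supplied rich text, and how a downstream renderer's
    parser treats them is outside this validator's control, so reject them."""
    nodes = _parse(fragment)
    if nodes.comments or nodes.pis or nodes.decls:
        return False
    return all(tag in ALLOWED_TAGS for tag in nodes.tags)


# Constructed probe inputs: the first two are what a tag allowlist is built
# for; the last two carry payloads inside a comment and a PI, exactly the
# node types the naive check never looks at.
PROBES = {
    "plain": "<p>Hello <b>world</b></p>",
    "script_tag": "<p><script>alert(1)</script></p>",
    "in_comment": "<p>x</p><!--<script>alert(1)</script>-->",
    "in_pi": "<p>x</p><?php system('id') ?>",
}


def compare_validators():
    """Return {probe_name: (naive_verdict, strict_verdict)} for every probe."""
    return {
        name: (is_safe_html_naive(frag), is_safe_html_strict(frag))
        for name, frag in PROBES.items()
    }


if __name__ == "__main__":
    for name, (naive, strict) in compare_validators().items():
        print(f"{name:12s} naive={naive!s:5s} strict={strict}")
```

The naive check accepts both wrapped probes because its parser reports them as comment and PI nodes rather than elements, so the allowlist is never consulted; the strict check fails them. The general lesson matches the advisory: a "safe HTML" input check has to cover every node type the parser can emit, not just tags. Such input-time validation is also no substitute for context-appropriate output encoding at the rendering sink.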
Description
Laura Pardo
2019-08-07 20:04:39 UTC
Acknowledgments:

Name: Dominik Mizyn (Samsung R&D Institute Poland)

Statement:

Red Hat OpenStack Platform's OpenDaylight will not be updated for this flaw because it is being deprecated and is only receiving security fixes for Important and Critical flaws.

This vulnerability is out of security support scope for the following product:

* Red Hat Mobile Application Platform

Please refer to https://access.redhat.com/support/policy/updates/rhmap for more details.

This vulnerability is out of security support scope for the following products:

* Red Hat Enterprise Application Platform 5
* Red Hat Enterprise Application Platform 6
* Red Hat JBoss Operations Network 3
* Red Hat JBoss BPM Suite 6
* Red Hat JBoss BRMS 5
* Red Hat JBoss BRMS 6
* Red Hat JBoss Fuse 6
* Red Hat JBoss Fuse Service Works 6
* Red Hat JBoss SOA Platform 5
* JBoss Developer Studio 11

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.

This vulnerability is out of security support scope for the following product:

* Red Hat JBoss Data Virtualization & Services 6

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.

Hello, which versions of hibernate-validator are affected? What is the fixing commit? I cannot find any recent commits regarding SafeHTML in https://github.com/hibernate/hibernate-validator. Thanks.

I looked for a usage of SafeHtml and there is no occurrence in the source code, so marking RHDM and RHPAM as affected just on the existence of the hibernate-validator jar or dependency is invalid. Searched for the annotation class in the sources: "org.hibernate.validator.constraints.SafeHtml".

@Marek, thank you for looking into it. I am closing the trackers created for RHDM/PAM and marking them as not affected.
This issue has been addressed in the following products:

* Red Hat JBoss Enterprise Application Platform, via RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0164
* Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6, via RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0159
* Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8, via RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0161
* Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7, via RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0160

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-10219

This issue has been addressed in the following products:

* Red Hat Single Sign-On, via RHSA-2020:0445 https://access.redhat.com/errata/RHSA-2020:0445
* Red Hat Openshift Application Runtimes, via RHSA-2020:2067 https://access.redhat.com/errata/RHSA-2020:2067
* Red Hat Data Grid 7.3.6, via RHSA-2020:2321 https://access.redhat.com/errata/RHSA-2020:2321
* Red Hat Fuse 7.8.0, via RHSA-2020:5568 https://access.redhat.com/errata/RHSA-2020:5568