Bug 1809444 (CVE-2023-1932) - CVE-2023-1932 hibernate-validator: rendering of invalid html with SafeHTML leads to HTML injection and XSS
Keywords:
Status: NEW
Alias: CVE-2023-1932
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 1817514
Blocks: 1809442
Reported: 2020-03-03 07:07 UTC by Dhananjay Arunesh
Modified: 2024-02-08 07:22 UTC (History)

Fixed In Version: hibernate-validator 6.2, hibernate-validator 7.0
Doc Text:
A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render the invalid HTML, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Dhananjay Arunesh 2020-03-03 07:07:53 UTC
A vulnerability was found in hibernate-validator version 6.1.2.Final, where the method 'isValid' in the class org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator can be bypassed by omitting the tag end (less than sign). Browsers typically still render the invalid HTML, which leads to attacks like HTML injection and Cross-Site-Scripting.
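
A simplified model of the failure class described above, as an added example that is not part of the bug report and is not hibernate-validator's code: a check that inspects only complete tags never examines a tag whose end is missing, while a stricter check and output encoding both handle it. The class and method names, the allowlist and the sample inputs are assumptions constructed for illustration.

```java
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
// Added illustration, not hibernate-validator code; all names here are hypothetical.
public class UnterminatedTagDemo {
    // Any complete angle-bracket span, e.g. "<b>" or "<img src=x>".
    private static final Pattern COMPLETE_TAG = Pattern.compile("<[^<>]*>");
    // Assumed policy for this demo: a few attribute-free formatting tags.
    private static final Pattern ALLOWED_TAG =
            Pattern.compile("</?(b|i|em|strong|p)>", Pattern.CASE_INSENSITIVE);
    // Weak check: looks only at complete tags, so a tag missing its end is never examined.
    static boolean weakIsValid(String input) {
        Matcher m = COMPLETE_TAG.matcher(input);
        while (m.find()) {
            if (!ALLOWED_TAG.matcher(m.group()).matches()) return false;
        }
        return true;
    }

    // Stricter check: once allowlisted tags are removed, any leftover '<' or '>' is rejected.
    static boolean strictIsValid(String input) {
        String rest = ALLOWED_TAG.matcher(input).replaceAll("");
        return rest.indexOf('<') < 0 && rest.indexOf('>') < 0;
    }

    // Output encoding: applied when writing into HTML, independent of input validation.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the last one omits the tag end.
        for (String s : List.of("<b>hello</b>", "<img src=x>", "<img src=x ")) {
            System.out.printf("%-14s weak=%-5b strict=%-5b encoded=%s%n",
                    "[" + s + "]", weakIsValid(s), strictIsValid(s), escapeHtml(s));
        }
    }
}
```

Only the weak check accepts the third sample; the strict check rejects it, and the encoded form is inert text wherever it is rendered.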

Comment 6 Cedric Buissart 2020-05-22 14:06:23 UTC
Statement:

hibernate-validator is packaged with Red Hat OpenStack Platform 13.0's OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.

Supported versions of Satellite 6 embed vulnerable versions of hibernate-validator inside the candlepin component. However, the vulnerable functionality, SafeHtmlValidator, is not in use and therefore it is not possible to exploit it.

