CVSS: 6.5EPSS: 1%CPEs: 429EXPL: 2CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
08 Nov 2019 — A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-1324
https://notcve.org/view.php?id=CVE-2018-1324
16 Mar 2018 — A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package. Se puede emplear un archivo ZIP especialmente manipulado para provocar un bucle infinito en el analizador de campos extra de Apache Commons Compress, empleado por las clases ZipFile y ZipArchiveInputStream ... • https://github.com/tafamace/CVE-2018-1324 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •