CVE-2023-1932

Hibernate-validator: rendering of invalid html with safehtml leads to html injection and xss

Severity Score

6.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.

Se encontró una falla en el método 'isValid' de hibernate-validator en la clase org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator, que se puede evitar omitiendo la etiqueta que termina en un carácter menor que. Los navegadores pueden mostrar un código HTML no válido, lo que permite la inyección de HTML o ataques de Cross-Site-Scripting (XSS).

*Credits: Red Hat would like to thank Christian Kistner (SySS GmbH) and Moritz Bechler (SySS GmbH) for reporting this issue.

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-04-06 CVE Reserved
2024-11-07 CVE Published
2024-11-07 CVE Updated
2024-11-08 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (2)

URL	Tag	Source
https://access.redhat.com/security/cve/CVE-2023-1932	Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1809444	Issue Tracking

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		A Mq Clients Search vendor "Redhat" for product "A Mq Clients"				*		-		Affected
Redhat Search vendor "Redhat"		Amq Search vendor "Redhat" for product "Amq"				*		-		Affected
Redhat Search vendor "Redhat"		Amq Broker Search vendor "Redhat" for product "Amq Broker"				*		-		Affected
Redhat Search vendor "Redhat"		Amq Online Search vendor "Redhat" for product "Amq Online"				*		-		Affected
Redhat Search vendor "Redhat"		Amq Streams Search vendor "Redhat" for product "Amq Streams"				*		-		Affected
Redhat Search vendor "Redhat"		Codeready Studio Search vendor "Redhat" for product "Codeready Studio"				*		-		Affected
Redhat Search vendor "Redhat"		Cryostat Search vendor "Redhat" for product "Cryostat"				*		-		Affected
Redhat Search vendor "Redhat"		Data Grid Search vendor "Redhat" for product "Data Grid"				*		-		Affected
Redhat Search vendor "Redhat"		Decision Manager Search vendor "Redhat" for product "Decision Manager"				*		-		Affected
Redhat Search vendor "Redhat"		Jboss Brms Search vendor "Redhat" for product "Jboss Brms"				*		-		Affected
Redhat Search vendor "Redhat"		Jboss Data Grid Search vendor "Redhat" for product "Jboss Data Grid"				*		-		Affected
Redhat Search vendor "Redhat"		Jboss Data Virtualization Search vendor "Redhat" for product "Jboss Data Virtualization"				*		-		Affected
Redhat Search vendor "Redhat"		Jboss Developer Studio Search vendor "Redhat" for product "Jboss Developer Studio"				*		-		Affected
Redhat Search vendor "Redhat"		Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"				*		-		Affected
Redhat Search vendor "Redhat"		Jboss Enterprise Application Platform Cd Search vendor "Redhat" for product "Jboss Enterprise Application Platform Cd"				*		-		Affected
Redhat Search vendor "Redhat"		Jboss Enterprise Bpms Platform Search vendor "Redhat" for product "Jboss Enterprise Bpms Platform"				*		-		Affected
Redhat Search vendor "Redhat"		Jboss Enterprise Brms Platform Search vendor "Redhat" for product "Jboss Enterprise Brms Platform"				*		-		Affected
Redhat Search vendor "Redhat"		Jboss Enterprise Soa Platform Search vendor "Redhat" for product "Jboss Enterprise Soa Platform"				*		-		Affected
Redhat Search vendor "Redhat"		Jboss Fuse Search vendor "Redhat" for product "Jboss Fuse"				*		-		Affected
Redhat Search vendor "Redhat"		Jboss Fuse Service Works Search vendor "Redhat" for product "Jboss Fuse Service Works"				*		-		Affected
Redhat Search vendor "Redhat"		Jboss Operations Network Search vendor "Redhat" for product "Jboss Operations Network"				*		-		Affected
Redhat Search vendor "Redhat"		Jboss Soa Platform Search vendor "Redhat" for product "Jboss Soa Platform"				*		-		Affected
Redhat Search vendor "Redhat"		Openshift Application Runtimes Search vendor "Redhat" for product "Openshift Application Runtimes"				*		-		Affected
Redhat Search vendor "Redhat"		Openstack Search vendor "Redhat" for product "Openstack"				*		-		Affected
Redhat Search vendor "Redhat"		Process Automation Search vendor "Redhat" for product "Process Automation"				*		-		Affected
Redhat Search vendor "Redhat"		Red Hat Single Sign On Search vendor "Redhat" for product "Red Hat Single Sign On"				*		-		Affected
Redhat Search vendor "Redhat"		Satellite Search vendor "Redhat" for product "Satellite"				*		-		Affected
Redhat Search vendor "Redhat"		Support For Spring Boot Search vendor "Redhat" for product "Support For Spring Boot"				*		-		Affected