### [CVE-2019-10219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10219)

![](https://img.shields.io/static/v1?label=Product&message=hibernate-validator&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=6.0.0.Alpha1&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=6.1.0.Alpha1&color=brightgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79&color=brightgreen)

### Description

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

### POC

#### Reference

- https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-10219
- https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Origin/CVE-2019-10219/exploit
- https://www.oracle.com/security-alerts/cpujan2022.html

#### Github

- https://github.com/Dzmitry-Basiachenka/dist-foreign-aliakh
- https://github.com/Live-Hack-CVE/CVE-2019-10219
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/shoucheng3/hibernate__hibernate-validator_CVE-2019-10219_6-0-17-Final
- https://github.com/shoucheng3/hibernate__hibernate-validator_CVE-2019-10219_6_0_18_Final_fixed