CVE-2020-10693
Description
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.282
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are affected in Oracle WebLogic Server 14.1.1.0.0 | Windows |
| Vulnerabilities CVE-2020-10693 are fixed in Hibernate-hibernate-validator 6.1.5 | Windows |
| Vulnerabilities CVE-2020-10693 are fixed in Hibernate-hibernate-validator 6.0.20 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.2.0 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.3.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0 | Windows |
| Vulnerabilities CVE-2020-10693 are fixed in Hibernate-hibernate-validator for Linux 6.1.5 | Linux |
| Vulnerabilities CVE-2020-10693 are fixed in Hibernate-hibernate-validator for Linux 6.0.20 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234