An update for hibernate-validator is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2

Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2021-1332
Final 1.0
1.0 2021-09-03 Initial
2021-09-03
2021-09-03
openEuler SA Tool V1.0 2021-09-03

hibernate-validator security update

This is the reference implementation of JSR-349 - Bean Validation 1.1. Bean Validation defines a meta-data model and API for JavaBean as well as method validation. The default meta-data source is annotations, with the ability to override and extend the meta-data through the use of XML validation descriptors.

Security Fix(es):

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. (CVE-2019-10219)

An update for hibernate-validator is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2. openEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Medium
hibernate-validator

https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1332
https://openeuler.org/en/security/cve/detail.html?id=CVE-2019-10219
https://nvd.nist.gov/vuln/detail/CVE-2019-10219

openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2

hibernate-validator-performance-5.2.4-4.oe1.noarch.rpm
hibernate-validator-5.2.4-4.oe1.noarch.rpm
hibernate-validator-parent-5.2.4-4.oe1.noarch.rpm
hibernate-validator-test-utils-5.2.4-4.oe1.noarch.rpm
hibernate-validator-annotation-processor-5.2.4-4.oe1.noarch.rpm
hibernate-validator-cdi-5.2.4-4.oe1.noarch.rpm
hibernate-validator-javadoc-5.2.4-4.oe1.noarch.rpm

hibernate-validator-annotation-processor-5.2.4-4.oe1.noarch.rpm
hibernate-validator-cdi-5.2.4-4.oe1.noarch.rpm
hibernate-validator-javadoc-5.2.4-4.oe1.noarch.rpm
hibernate-validator-performance-5.2.4-4.oe1.noarch.rpm
hibernate-validator-parent-5.2.4-4.oe1.noarch.rpm
hibernate-validator-5.2.4-4.oe1.noarch.rpm
hibernate-validator-test-utils-5.2.4-4.oe1.noarch.rpm

hibernate-validator-5.2.4-4.oe1.src.rpm
hibernate-validator-5.2.4-4.oe1.src.rpm

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

2021-09-03
CVE-2019-10219
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
Medium
6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

hibernate-validator security update
2021-09-03
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1332