A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
https://www.oracle.com/security-alerts/cpujan2022.html
https://security.netapp.com/advisory/ntap-20220210-0024/
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219
https://access.redhat.com/errata/RHSA-2020:0445
https://access.redhat.com/errata/RHSA-2020:0164
https://access.redhat.com/errata/RHSA-2020:0161
https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Origin/CVE-2019-10219/exploit
https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-10219
https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe
https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56ceee
https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee