DEBIAN-CVE-2020-10693
PUBLISHED
CVSS 5.3 MEDIUM
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitization (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
Risk Scores
CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | libhibernate-validator-java | 0, 5.3.6-2, 5.3.6-3 |
| Debian:13 | libhibernate-validator-java | 5.3.6-3, 0, 0 |
| Debian:14 | libhibernate-validator-java | 0, 5.3.6-3, 0 |
| Debian:11 | libhibernate-validator-java | 5.3.6-1, 5.3.6-2, 0 |
Timeline
- May 6, 2020 CVE Published
- Apr 28, 2026 CVE Updated