DEBIAN-CVE-2020-10693 PUBLISHED CVSS 5.3 MEDIUM

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.

Risk Scores

CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products

Vendor      Product                        Versions
Debian:12   libhibernate-validator-java    0, 5.3.6-2, 5.3.6-3
Debian:13   libhibernate-validator-java    5.3.6-3, 0, 0
Debian:14   libhibernate-validator-java    0, 5.3.6-3, 0
Debian:11   libhibernate-validator-java    5.3.6-1, 5.3.6-2, 0

Timeline

  • May 6, 2020 CVE Published
  • Apr 28, 2026 CVE Updated