CVE-2023-1932 Information

Description

A flaw was found in hibernate-validator’s ‘isValid’ method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html allowing HTML injection or Cross-Site-Scripting (XSS) attacks.

Reference

https://access.redhat.com/security/cve/CVE-2023-1932 https://bugzilla.redhat.com/show_bug.cgi?id=1809444