/

Hibernate Validator

/

summary

Invalid parsing of EL expression can lead to invalid EL expressions considered valid

Description

This is a fix for CVE-2020-10693 .

More details here: https://issues.redhat.com/browse/JBEAP-19087 .

Note that this is a problem only if developers include user input in the constraint violation message and do not properly escape it.

Environment

Environment

None

Fixed

Assignee

Assignee

Yoann Rodière

Reporter

Reporter

Guillaume Smet

Labels

Labels

None

Feedback Requested

Feedback Requested

None

Feedback Requested By

Feedback Requested By

None

backPortable

backPortable

None

Suitable for new contributors

Suitable for new contributors

None

Pull Request

Pull Request

https://github.com/hibernate/hibernate-validator/pull/1092

backportDecision

backportDecision

None

backportReEvaluate

backportReEvaluate

None

Components

Components

Fix versions

Fix versions

Priority

Priority

Major