VYPR
Medium severity5.3NVD Advisory· Published May 6, 2020· Updated Jun 17, 2026

CVE-2020-10693

CVE-2020-10693

Description

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.hibernate.validator:hibernate-validatorMaven
>= 6.1.0.Final, < 6.1.5.Final6.1.5.Final
org.hibernate.validator:hibernate-validatorMaven
< 6.0.20.Final6.0.20.Final
org.hibernate:hibernate-validatorMaven
>= 6.1.0.Final, < 6.1.5.Final6.1.5.Final
org.hibernate:hibernate-validatorMaven
< 6.0.20.Final6.0.20.Final

Affected products

3

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.