Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.hibernate/hibernate-validator@6.0.20.Final

Type maven

Namespace org.hibernate

Name hibernate-validator

Version 6.0.20.Final

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 6.1.0.Alpha6

Latest_non_vulnerable_version 7.0.0.CR1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-12uy-cu8u-jkda

vulnerability_id VCID-12uy-cu8u-jkda

summary

Improper Input Validation in Hibernate Validator
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10693.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10693.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10693

reference_id

reference_type

scores

value	0.00094
scoring_system	epss
scoring_elements	0.26228
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10693

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10693

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10693

reference_url

https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4@%3Cpluto-scm.portals.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4@%3Cpluto-scm.portals.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c@%3Cpluto-dev.portals.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c@%3Cpluto-dev.portals.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a@%3Cpluto-dev.portals.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a@%3Cpluto-dev.portals.apache.org%3E

reference_url

https://www.ibm.com/support/pages/node/6348216

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.ibm.com/support/pages/node/6348216

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1805501
reference_id	1805501
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1805501

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988946
reference_id	988946
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988946

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10693

reference_id

CVE-2020-10693

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10693

reference_url	https://github.com/advisories/GHSA-rmrm-75hp-phr2
reference_id	GHSA-rmrm-75hp-phr2
reference_type
scores
url	https://github.com/advisories/GHSA-rmrm-75hp-phr2

reference_url	https://access.redhat.com/errata/RHSA-2020:3461
reference_id	RHSA-2020:3461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3461

reference_url	https://access.redhat.com/errata/RHSA-2020:3462
reference_id	RHSA-2020:3462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3462

reference_url	https://access.redhat.com/errata/RHSA-2020:3463
reference_id	RHSA-2020:3463
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3463

reference_url	https://access.redhat.com/errata/RHSA-2020:3464
reference_id	RHSA-2020:3464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3464

reference_url	https://access.redhat.com/errata/RHSA-2020:3501
reference_id	RHSA-2020:3501
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3501

reference_url	https://access.redhat.com/errata/RHSA-2020:3539
reference_id	RHSA-2020:3539
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3539

reference_url	https://access.redhat.com/errata/RHSA-2020:3637
reference_id	RHSA-2020:3637
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3637

reference_url	https://access.redhat.com/errata/RHSA-2020:3638
reference_id	RHSA-2020:3638
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3638

reference_url	https://access.redhat.com/errata/RHSA-2020:3639
reference_id	RHSA-2020:3639
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3639

reference_url	https://access.redhat.com/errata/RHSA-2020:3642
reference_id	RHSA-2020:3642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3642

reference_url	https://access.redhat.com/errata/RHSA-2020:3806
reference_id	RHSA-2020:3806
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3806

reference_url	https://access.redhat.com/errata/RHSA-2020:4252
reference_id	RHSA-2020:4252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4252

reference_url	https://access.redhat.com/errata/RHSA-2020:4366
reference_id	RHSA-2020:4366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4366

reference_url	https://access.redhat.com/errata/RHSA-2020:4960
reference_id	RHSA-2020:4960
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4960

reference_url	https://access.redhat.com/errata/RHSA-2020:4961
reference_id	RHSA-2020:4961
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4961

reference_url	https://access.redhat.com/errata/RHSA-2021:3140
reference_id	RHSA-2021:3140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3140

fixed_packages

url	pkg:maven/org.hibernate/hibernate-validator@6.0.20.Final
purl	pkg:maven/org.hibernate/hibernate-validator@6.0.20.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-validator@6.0.20.Final

url	pkg:maven/org.hibernate/hibernate-validator@6.1.5.Final
purl	pkg:maven/org.hibernate/hibernate-validator@6.1.5.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-validator@6.1.5.Final

aliases CVE-2020-10693, GHSA-rmrm-75hp-phr2

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-12uy-cu8u-jkda

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-validator@6.0.20.Final

Package Instance