Description

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2014-1285.html

http://rhn.redhat.com/errata/RHSA-2014-1286.html

http://rhn.redhat.com/errata/RHSA-2014-1287.html

http://rhn.redhat.com/errata/RHSA-2014-1288.html

http://rhn.redhat.com/errata/RHSA-2015-0125.html

http://rhn.redhat.com/errata/RHSA-2015-0720.html

https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml

https://hibernate.atlassian.net/browse/HV-912

Related Vulnerabilities

CVE-2020-8137 Vulnerability in maven package org.webjars.npm:uppy

CVE-2017-16008 Vulnerability in maven package org.webjars:i18next

CVE-2017-16193 Vulnerability in npm package mfrs

CVE-2022-27952 Vulnerability in npm package payload

CVE-2019-17359 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on

Severity

Critical

Classification

CWE-264

Tags

Third Party Advisory