Description

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2014-1285.html

http://rhn.redhat.com/errata/RHSA-2014-1286.html

http://rhn.redhat.com/errata/RHSA-2014-1287.html

http://rhn.redhat.com/errata/RHSA-2014-1288.html

http://rhn.redhat.com/errata/RHSA-2015-0125.html

http://rhn.redhat.com/errata/RHSA-2015-0720.html

https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml

https://hibernate.atlassian.net/browse/HV-912

Related Vulnerabilities

CVE-2022-43410 Vulnerability in maven package org.jenkins-ci.plugins:mercurial

CVE-2015-8861 Vulnerability in npm package handlebars

CVE-2022-23945 Vulnerability in maven package org.apache.shenyu:shenyu-common

CVE-2013-6429 Vulnerability in maven package org.springframework:spring-web

CVE-2020-2207 Vulnerability in maven package org.jenkins-ci.plugins:vncviewer

Severity

Critical

Classification

CWE-264

Tags

Third Party Advisory