Description
ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2014-1285.html
http://rhn.redhat.com/errata/RHSA-2014-1286.html
http://rhn.redhat.com/errata/RHSA-2014-1287.html
http://rhn.redhat.com/errata/RHSA-2014-1288.html
http://rhn.redhat.com/errata/RHSA-2015-0125.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html
https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml
https://hibernate.atlassian.net/browse/HV-912
Related Vulnerabilities
CVE-2022-43410 Vulnerability in maven package org.jenkins-ci.plugins:mercurial
CVE-2015-8861 Vulnerability in npm package handlebars
CVE-2022-23945 Vulnerability in maven package org.apache.shenyu:shenyu-common
CVE-2013-6429 Vulnerability in maven package org.springframework:spring-web
CVE-2020-2207 Vulnerability in maven package org.jenkins-ci.plugins:vncviewer