Description

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2014-1285.html

http://rhn.redhat.com/errata/RHSA-2014-1286.html

http://rhn.redhat.com/errata/RHSA-2014-1287.html

http://rhn.redhat.com/errata/RHSA-2014-1288.html

http://rhn.redhat.com/errata/RHSA-2015-0125.html

http://rhn.redhat.com/errata/RHSA-2015-0720.html

https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml

https://hibernate.atlassian.net/browse/HV-912

Related Vulnerabilities

CVE-2023-25762 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-build-step

CVE-2018-1288 Vulnerability in maven package org.apache.kafka:kafka

CVE-2016-6805 Vulnerability in maven package org.apache.ignite:ignite-core

CVE-2018-3716 Vulnerability in npm package simplehttpserver

CVE-2023-43501 Vulnerability in maven package com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer

Severity

Critical

Classification

CWE-264

Tags

Third Party Advisory