Description

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2014-1285.html

http://rhn.redhat.com/errata/RHSA-2014-1286.html

http://rhn.redhat.com/errata/RHSA-2014-1287.html

http://rhn.redhat.com/errata/RHSA-2014-1288.html

http://rhn.redhat.com/errata/RHSA-2015-0125.html

http://rhn.redhat.com/errata/RHSA-2015-0720.html

https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml

https://hibernate.atlassian.net/browse/HV-912

Related Vulnerabilities

CVE-2013-4590 Vulnerability in maven package org.apache.tomcat:tomcat-jasper

CVE-2019-10432 Vulnerability in maven package org.jenkins-ci.plugins:htmlpublisher

CVE-2020-7691 Vulnerability in maven package org.webjars:jspdf

CVE-2020-25711 Vulnerability in maven package org.infinispan:infinispan-server-runtime

CVE-2016-10646 Vulnerability in npm package resourcehacker

Severity

Critical

Classification

CWE-264

Tags

Third Party Advisory