Description
ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2014-1285.html
http://rhn.redhat.com/errata/RHSA-2014-1286.html
http://rhn.redhat.com/errata/RHSA-2014-1287.html
http://rhn.redhat.com/errata/RHSA-2014-1288.html
http://rhn.redhat.com/errata/RHSA-2015-0125.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html
https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml
https://hibernate.atlassian.net/browse/HV-912
Related Vulnerabilities
CVE-2023-40037 Vulnerability in maven package org.apache.nifi:nifi-hikari-dbcp-service
CVE-2019-1003061 Vulnerability in maven package org.jenkins-ci.plugins:jenkins-cloudformation-plugin
CVE-2019-9515 Vulnerability in maven package io.netty:netty-codec-http2
CVE-2021-22096 Vulnerability in maven package org.springframework:spring-webflux
CVE-2018-14041 Vulnerability in maven package org.webjars:bootstrap