Description
ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2014-1285.html
http://rhn.redhat.com/errata/RHSA-2014-1286.html
http://rhn.redhat.com/errata/RHSA-2014-1287.html
http://rhn.redhat.com/errata/RHSA-2014-1288.html
http://rhn.redhat.com/errata/RHSA-2015-0125.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html
https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml
https://hibernate.atlassian.net/browse/HV-912
Related Vulnerabilities
CVE-2017-16137 Vulnerability in npm package debug
CVE-2020-28464 Vulnerability in npm package djv
CVE-2018-1000406 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2014-125087 Vulnerability in maven package com.jamesmurty.utils:java-xmlbuilder
CVE-2017-9795 Vulnerability in maven package org.apache.geode:geode-core