Description

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2014-1285.html

http://rhn.redhat.com/errata/RHSA-2014-1286.html

http://rhn.redhat.com/errata/RHSA-2014-1287.html

http://rhn.redhat.com/errata/RHSA-2014-1288.html

http://rhn.redhat.com/errata/RHSA-2015-0125.html

http://rhn.redhat.com/errata/RHSA-2015-0720.html

https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml

https://hibernate.atlassian.net/browse/HV-912

Related Vulnerabilities

CVE-2021-29445 Vulnerability in npm package jose-node-esm-runtime

CVE-2017-20160 Vulnerability in npm package express-param

CVE-2020-1941 Vulnerability in maven package org.apache.activemq:activemq-web-console

CVE-2017-5617 Vulnerability in maven package com.kitfox.svg:svg-salamander

CVE-2022-39218 Vulnerability in npm package @fastly/js-compute

Severity

Critical

Classification

CWE-264

Tags

Third Party Advisory