Description
ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.
Remediation
References
https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml
http://rhn.redhat.com/errata/RHSA-2014-1286.html
http://rhn.redhat.com/errata/RHSA-2014-1285.html
https://hibernate.atlassian.net/browse/HV-912
http://rhn.redhat.com/errata/RHSA-2014-1288.html
http://rhn.redhat.com/errata/RHSA-2014-1287.html
http://rhn.redhat.com/errata/RHSA-2015-0125.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html