Description
ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2014-1285.html
http://rhn.redhat.com/errata/RHSA-2014-1286.html
http://rhn.redhat.com/errata/RHSA-2014-1287.html
http://rhn.redhat.com/errata/RHSA-2014-1288.html
http://rhn.redhat.com/errata/RHSA-2015-0125.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html
https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml
https://hibernate.atlassian.net/browse/HV-912
Related Vulnerabilities
CVE-2021-29445 Vulnerability in npm package jose-node-esm-runtime
CVE-2017-20160 Vulnerability in npm package express-param
CVE-2020-1941 Vulnerability in maven package org.apache.activemq:activemq-web-console
CVE-2017-5617 Vulnerability in maven package com.kitfox.svg:svg-salamander
CVE-2022-39218 Vulnerability in npm package @fastly/js-compute