Description

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.

Remediation

References

https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml

http://rhn.redhat.com/errata/RHSA-2014-1286.html

http://rhn.redhat.com/errata/RHSA-2014-1285.html

https://hibernate.atlassian.net/browse/HV-912

http://rhn.redhat.com/errata/RHSA-2014-1288.html

http://rhn.redhat.com/errata/RHSA-2014-1287.html

http://rhn.redhat.com/errata/RHSA-2015-0125.html

http://rhn.redhat.com/errata/RHSA-2015-0720.html

Related Vulnerabilities

CVE-2021-3312 Vulnerability in maven package org.opencms:opencms-core

CVE-2019-16563 Vulnerability in maven package tech.andrey.jenkins:mission-control-view

CVE-2020-27223 Vulnerability in maven package org.eclipse.jetty:jetty-server

CVE-2020-7634 Vulnerability in npm package heroku-addonpool

CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-hikari-dbcp-service

Severity

Critical

Classification

CWE-264

Tags

Third Party Advisory