Description

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2014-1285.html

http://rhn.redhat.com/errata/RHSA-2014-1286.html

http://rhn.redhat.com/errata/RHSA-2014-1287.html

http://rhn.redhat.com/errata/RHSA-2014-1288.html

http://rhn.redhat.com/errata/RHSA-2015-0125.html

http://rhn.redhat.com/errata/RHSA-2015-0720.html

https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml

https://hibernate.atlassian.net/browse/HV-912

Related Vulnerabilities

CVE-2019-16777 Vulnerability in npm package bin-links

CVE-2021-32731 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web

CVE-2021-22112 Vulnerability in maven package org.springframework.security:spring-security-core

CVE-2020-28865 Vulnerability in maven package com.github.kfcfans:powerjob

CVE-2021-28168 Vulnerability in maven package org.glassfish.jersey.core:jersey-common

Severity

Critical

Classification

CWE-264

Tags

Third Party Advisory