CVE-2014-3558

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.

Published: Sep 30, 2014
Updated: May 9, 2024
CVE: CVE-2014-3558
GHSA: GHSA-845h-985r-jrqh
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
redhat / hibernate_validator	4.1.0	4.1.0.x
redhat / hibernate_validator	4.2.0	4.2.0.x
redhat / hibernate_validator	4.2.0-beta1	4.2.0-beta1.x
redhat / hibernate_validator	4.2.0-beta2	4.2.0-beta2.x
redhat / hibernate_validator	4.2.0-cr1	4.2.0-cr1.x
redhat / hibernate_validator	4.3.0	4.3.2
redhat / hibernate_validator	5.0.0	5.0.3.x
redhat / hibernate_validator	5.1.0	5.1.2
org.hibernate / hibernate-validator	4.1.0	4.2.1
org.hibernate / hibernate-validator	4.3.0	4.3.2
org.hibernate / hibernate-validator	5.0.0	5.1.2

Vulnerability Database

CVE-2014-3558