CVE-2014-3558 – org.hibernate:hibernate-validator
Package
Manager: maven
Name: org.hibernate:hibernate-validator
Vulnerable Version: >=4.1.0 <4.2.1 || >=4.3.0 <4.3.2 || >=5.0.0 <5.1.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.01006 (percentile 0.7619)
Details
Improper Authentication in Hibernate Validator: ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.
Metadata
Created: 2022-05-14T01:18:38Z
Modified: 2024-04-16T16:31:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-845h-985r-jrqh/GHSA-845h-985r-jrqh.json
CWE IDs: CWE-287
Alternative ID: GHSA-845h-985r-jrqh
Finding: F039
Auto approve: 1