Fluid Attacks Database

Description

Improper Authentication in Hibernate Validator ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.hibernate:hibernate-validator	>=4.1.0 <4.2.1 \|\| >=4.3.0 <4.3.2 \|\| >=5.0.0 <5.1.2	4.2.1, 4.3.2, 5.1.2
debian 11	libhibernate-validator-java	>=0 <4.2.1-2	4.2.1-2
debian 13	libhibernate-validator-java	>=0 <4.2.1-2	4.2.1-2
debian 12	libhibernate-validator-java	>=0 <4.2.1-2	4.2.1-2
debian 14	libhibernate-validator-java	>=0 <4.2.1-2	4.2.1-2

Aliases

1. CVE-2014-35582. NVD-2014-35583. OSV-2014-35584. OSV-DEBIAN-2014-35585. GCVE-2014-35586. SECURITY-TRACKER-CVE-2014-3558

References

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.