ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2014-1285.html | Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2014-1286.html | Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2014-1287.html | Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2014-1288.html | Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2015-0125.html | Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2015-0720.html | Third Party Advisory |
https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml | Third Party Advisory |
https://hibernate.atlassian.net/browse/HV-912 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2014-09-30T14:00:00
Updated: 2015-03-26T13:57:00
Reserved: 2014-05-14T00:00:00
Link: CVE-2014-3558
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-09-30T14:55:08.657
Modified: 2019-03-21T14:24:50.507
Link: CVE-2014-3558
JSON object: View
Redhat Information
No data.
CWE