GHSA-845h-985r-jrqh

Source

https://github.com/advisories/GHSA-845h-985r-jrqh

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-845h-985r-jrqh/GHSA-845h-985r-jrqh.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-845h-985r-jrqh

Aliases

CVE-2014-3558

Published

2022-05-14T01:18:38Z

Modified

2024-12-08T05:25:23.348447Z

Summary

Improper Authentication in Hibernate Validator

Details

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.

Database specific

{
    "nvd_published_at": "2014-09-30T14:55:00Z",
    "cwe_ids": [
        "CWE-287"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-07T22:41:16Z"
}

References

Affected packages

Maven / org.hibernate:hibernate-validator

Package

Name: org.hibernate:hibernate-validator; View open source insights on deps.dev
Purl: pkg:maven/org.hibernate/hibernate-validator

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.0

Fixed

4.2.1

Affected versions

4.*

4.1.0.Final

4.2.0.Beta1

4.2.0.Beta2

4.2.0.CR1

4.2.0.Final

Maven / org.hibernate:hibernate-validator

Package

Name: org.hibernate:hibernate-validator; View open source insights on deps.dev
Purl: pkg:maven/org.hibernate/hibernate-validator

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.2

Affected versions

4.*

4.3.0.Final

4.3.1.Final

Maven / org.hibernate:hibernate-validator

Package

Name: org.hibernate:hibernate-validator; View open source insights on deps.dev
Purl: pkg:maven/org.hibernate/hibernate-validator

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0.0

Fixed

5.1.2

Affected versions

5.*

5.0.0.Final

5.0.1.Final

5.0.2.Final

5.0.3.Final

5.1.0.Alpha1

5.1.0.Beta1

5.1.0.CR1

5.1.0.Final

5.1.1.Final