CVE-2014-3558
EPSS 0.53%Improper Authentication in Hibernate Validator
Published: 5/14/2022Modified: 4/28/2026
Description
ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.
Affected packages (2)
- Debian/libhibernate-validator-javafrom 0, < 4.2.1-2
- Maven/org.hibernate:hibernate-validator>= 4.1.0, < 4.2.1
References (19)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-3558
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-3558
- PATCHhttps://github.com/hibernate/hibernate-validator
- WEBhttp://rhn.redhat.com/errata/RHSA-2014-1285.html
- WEBhttp://rhn.redhat.com/errata/RHSA-2014-1286.html
- WEBhttp://rhn.redhat.com/errata/RHSA-2014-1287.html
- WEBhttp://rhn.redhat.com/errata/RHSA-2014-1288.html
- WEBhttp://rhn.redhat.com/errata/RHSA-2015-0125.html
- WEBhttp://rhn.redhat.com/errata/RHSA-2015-0720.html
- WEBhttps://github.com/hibernate/hibernate-validator/commit/2c95d4ea0ef20977be249e31a4a4f4f4f71c945d
- WEBhttps://github.com/hibernate/hibernate-validator/commit/67fdff14831c035c25e098fe14bd86523d17f726
- WEBhttps://github.com/hibernate/hibernate-validator/commit/7e7131939a4361a7cad3e77ab89a8462132c561c
- WEBhttps://github.com/hibernate/hibernate-validator/commit/c489416f699a46859c134796b3ccfea41ef3ce52
- WEBhttps://github.com/hibernate/hibernate-validator/commit/c9525ca544b1281e2b7c7347e86e87c86dc1dc6e
- WEBhttps://github.com/hibernate/hibernate-validator/commit/e8c42b689df8c6752d635d02c6518da3fece3870
- WEBhttps://github.com/hibernate/hibernate-validator/commit/f97c2021a03c825abdeca1692f5be51e77e76a8f
- WEBhttps://github.com/hibernate/hibernate-validator/commit/fd4eaed7fb930db6a5e4c03742b4b3adcfecc90e
- WEBhttps://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml
- WEBhttps://hibernate.atlassian.net/browse/HV-912