ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Hibernate_validator | Redhat | 4.3.0 (including) | 4.3.2 (excluding) |
Hibernate_validator | Redhat | 5.0.0 (including) | 5.0.3 (including) |
Hibernate_validator | Redhat | 5.1.0 (including) | 5.1.2 (excluding) |
Hibernate_validator | Redhat | 4.1.0 (including) | 4.1.0 (including) |
Hibernate_validator | Redhat | 4.2.0 (including) | 4.2.0 (including) |
Hibernate_validator | Redhat | 4.2.0-beta1 (including) | 4.2.0-beta1 (including) |
Hibernate_validator | Redhat | 4.2.0-beta2 (including) | 4.2.0-beta2 (including) |
Hibernate_validator | Redhat | 4.2.0-cr1 (including) | 4.2.0-cr1 (including) |