CVE-2014-3558 | Vulnerability Database | Aqua Security

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.

Affected Software

Name	Vendor	Start Version	End Version
Hibernate_validator	Redhat	4.3.0 (including)	4.3.2 (excluding)
Hibernate_validator	Redhat	5.0.0 (including)	5.0.3 (including)
Hibernate_validator	Redhat	5.1.0 (including)	5.1.2 (excluding)
Hibernate_validator	Redhat	4.1.0 (including)	4.1.0 (including)
Hibernate_validator	Redhat	4.2.0 (including)	4.2.0 (including)
Hibernate_validator	Redhat	4.2.0-beta1 (including)	4.2.0-beta1 (including)
Hibernate_validator	Redhat	4.2.0-beta2 (including)	4.2.0-beta2 (including)
Hibernate_validator	Redhat	4.2.0-cr1 (including)	4.2.0-cr1 (including)

References

http://rhn.redhat.com/errata/RHSA-2014-1285.html
http://rhn.redhat.com/errata/RHSA-2014-1286.html
http://rhn.redhat.com/errata/RHSA-2014-1287.html
http://rhn.redhat.com/errata/RHSA-2014-1288.html
http://rhn.redhat.com/errata/RHSA-2015-0125.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html
https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml
https://hibernate.atlassian.net/browse/HV-912

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-3558
CWE	https://cwe.mitre.org/data/definitions/264.html