Access Restriction Bypass Affecting libhibernate-validator-java Open this link in a new tab package, versions <4.2.1-2

Although NVD CVSS Score is: 5.3 (Medium), when available we recommend using the distro's own rating score.

Attack Complexity

Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-DEBIAN12-LIBHIBERNATEVALIDATORJAVA-1550145
published

30 Sep 2014
disclosed

30 Sep 2014

Report a new vulnerability Found a mistake?

Introduced: 30 Sep 2014

CVE-2014-3558 Open this link in a new tab CWE-264 Open this link in a new tab

How to fix?

Upgrade Debian:12 libhibernate-validator-java to version 4.2.1-2 or higher.

NVD Description

Note: Versions mentioned in the description apply to the upstream libhibernate-validator-java package. See How to fix? for Debian:12 relevant versions.

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.

Access Restriction Bypass Affecting libhibernate-validator-java Open this link in a new tab package, versions <4.2.1-2

Attack Complexity

snyk-id

published

disclosed

Introduced: 30 Sep 2014

How to fix?

NVD Description

References