CVE-2014-3558
EPSS 0.53%Improper Authentication in Hibernate Validator
Published: 5/14/2022Modified: 4/28/2026
Also known as:DEBIAN-CVE-2014-3558
Description
ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.
Affected packages (2)
- Debian/libhibernate-validator-javafrom 0, < 4.2.1-2
- Maven/org.hibernate:hibernate-validator>= 4.1.0, < 4.2.1
References (19)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-3558
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-3558
- PATCHhttps://github.com/hibernate/hibernate-validator
- WEBhttp://rhn.redhat.com/errata/RHSA-2014-1285.html
- WEBhttp://rhn.redhat.com/errata/RHSA-2014-1286.html
- WEBhttp://rhn.redhat.com/errata/RHSA-2014-1287.html
- WEBhttp://rhn.redhat.com/errata/RHSA-2014-1288.html
- WEBhttp://rhn.redhat.com/errata/RHSA-2015-0125.html
- WEBhttp://rhn.redhat.com/errata/RHSA-2015-0720.html
- WEBhttps://github.com/hibernate/hibernate-validator/commit/2c95d4ea0ef20977be249e31a4a4f4f4f71c945d
- WEBhttps://github.com/hibernate/hibernate-validator/commit/67fdff14831c035c25e098fe14bd86523d17f726
- WEBhttps://github.com/hibernate/hibernate-validator/commit/7e7131939a4361a7cad3e77ab89a8462132c561c
- WEBhttps://github.com/hibernate/hibernate-validator/commit/c489416f699a46859c134796b3ccfea41ef3ce52
- WEBhttps://github.com/hibernate/hibernate-validator/commit/c9525ca544b1281e2b7c7347e86e87c86dc1dc6e
- WEBhttps://github.com/hibernate/hibernate-validator/commit/e8c42b689df8c6752d635d02c6518da3fece3870
- WEBhttps://github.com/hibernate/hibernate-validator/commit/f97c2021a03c825abdeca1692f5be51e77e76a8f
- WEBhttps://github.com/hibernate/hibernate-validator/commit/fd4eaed7fb930db6a5e4c03742b4b3adcfecc90e
- WEBhttps://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml
- WEBhttps://hibernate.atlassian.net/browse/HV-912