Bypassing Java Security Manager in Hibernate Validator

CVE-2014-3558 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.

Learn more about our Web Application Penetration Testing UK.