Improper Authentication in Hibernate Validator
Moderate severity
GitHub Reviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Apr 16, 2024
Package
Affected versions
>= 4.1.0, < 4.2.1
>= 4.3.0, < 4.3.2
>= 5.0.0, < 5.1.2
Patched versions
4.2.1
4.3.2
5.1.2
Description
Published by the National Vulnerability Database
Sep 30, 2014
Published to the GitHub Advisory Database
May 14, 2022
Reviewed
Jul 7, 2022
Last updated
Apr 16, 2024
Credits
-
MarkLee131 Analyst
ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.
References