CVE-2014-3558
Improper Authentication in Hibernate Validator
EPSS 0.53%
Description
ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.
How to fix CVE-2014-3558
To remediate CVE-2014-3558, upgrade the affected package to a fixed version below.
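- Debian/libhibernate-validator-java: upgrade to 4.2.1-2 or later
- Maven/org.hibernate:hibernate-validator: upgrade to 4.2.1 or later (per the description above, the 4.3.x line is fixed in 4.3.2 and the 5.x line in 5.1.2, so stay on or above the fixed release for your branch)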
Is CVE-2014-3558 being exploited?
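Low. EPSS is 0.5%; EPSS is a model estimate of the probability of exploitation activity in the next 30 days, so this score indicates that exploitation at scale is considered unlikely.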
Affected packages (2)
- Debian/libhibernate-validator-java: from 0, < 4.2.1-2
- Maven/org.hibernate:hibernate-validator: >= 4.1.0, < 4.2.1