Description
ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| libhibernate-validator-java | fixed | 4.2.1-2 | | package |
| libhibernate-validator-java | no-dsa | | jessie | package |
| libhibernate-validator-java | no-dsa | | wheezy | package |
| libhibernate-validator-java | no-dsa | | squeeze | package |
Notes
RedHat upgraded to new upstream versions in their security
updates. No patches are available for the 4.0.x branch we
have in Debian. Known fixed versions are 4.2.1, 4.3.2, and 5.1.2.
Upstream ticket: https://hibernate.atlassian.net/browse/HV-912