Description
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allow it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission, an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat BPM Suite 6 | hibernate-validator | Not affected | | |
Red Hat Enterprise Virtualization 3 | hibernate-validator | Will not fix | | |
Red Hat Fuse 7 | camel | Not affected | | |
Red Hat JBoss BRMS 6 | hibernate-validator | Not affected | | |
Red Hat JBoss Data Grid 6 | hibernate-validator | Will not fix | | |
Red Hat JBoss Data Grid 7 | hibernate-validator | Not affected | | |
Red Hat JBoss Data Virtualization 6 | hibernate-validator | Not affected | | |
Red Hat JBoss Enterprise Application Platform 5 | hibernate-validator | Out of support scope | | |
Red Hat JBoss Fuse 6 | camel | Will not fix | | |
Red Hat JBoss Fuse Integration Service 2 | hibernate-validator | Affected | | |
Additional information
Status:
EPSS
CVSS3: 6.3 Medium