Findings for SCA, Medium, [TheRedHatter/javagoof:todolist-web-common/pom.xml]:JSM bypass via ReflectionHelper (#1801) · Issues · Administrator / ticket

Findings for SCA, Medium, [TheRedHatter/javagoof:todolist-web-common/pom.xml]:JSM bypass via ReflectionHelper

Created by: armorcodegithubpreprod[bot]

Findings for SCA, Medium, [TheRedHatter/javagoof:todolist-web-common/pom.xml]:JSM bypass via ReflectionHelper

Component Details

Exploit Maturity: no-known-exploit
Vulnerable Package: -
Current Version: -
Vulnerable Version(s): >[4.1.0.Beta1, 4.3.2.Final),[5.0.0.Final,5.1.2.Final)
Vulnerable Path: >null

Overview

org.hibernate:hibernate-validator is a Hibernate Validator Engine Relocation Artifact.

Affected versions of this package are vulnerable to JSM bypass via ReflectionHelper. ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.

References

GitHub Commit
GitHub Commit
GitHub Commit
GitHub Commit
GitHub Commit
GitHub Commit
GitHub Commit
GitHub Commit
Jira Issue
Redhat Bugzilla

Snyk Project Status: Active