In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().
oryginał ENCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HRed Hat Enterprise Linux
OSRedhat5.06.07.0Red Hat Hibernate Validator
APPRedhat5.2.0 – 5.2.5 (bez)5.3.0 – 5.3.6 (bez)5.4.0 – 5.4.2 (bez)Red Hat Jboss Enterprise Application Platform
APPRedhat6.0.06.4.07.07.1Red Hat Satellite
APPRedhat6.4Red Hat Satellite Capsule
APPRedhat6.4Red Hat Virtualization
APPRedhat4.0Red Hat Virtualization Host
APPRedhat4.0
Powiązane podatności
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserReso...
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the...
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...