{"id":"CVE-2014-3558","details":"ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.","aliases":["GHSA-845h-985r-jrqh"],"modified":"2025-08-09T19:01:28Z","published":"2014-09-30T14:55:08Z","references":[{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2014-1285.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2014-1286.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2014-1287.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2014-1288.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2015-0125.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html"},{"type":"ADVISORY","url":"https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml"},{"type":"ADVISORY","url":"https://hibernate.atlassian.net/browse/HV-912"}],"schema_version":"1.7.3"}