Hibernate Validator
Approved changes feed: RSS · Atom
cpe:2.3:a:red_hat,_inc.:hibernate-validator:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Red Hat, Inc. (955c0640-1cfb-5fef-a58d-675724883b3d) |
|---|---|
| Product | Hibernate Validator (7212b9cd-4bca-5d4b-8de2-708cefba710d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2017-7536 |
vulnerable | 2026-06-03 14:37:32.429281 |
Details available
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().
Published: 2018-01-10T15:00:00.000Z
Updated: 2024-09-16T17:32:38.135Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.