Vulnerability in Red Hat, Inc. Hibernate-validator
CVE-2017-7536
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allow it to access the private members of the class, are granted to Hibernate Validator, a pote…
EPSS: 0.001 (31.6th percentile)
Affected products
- Red Hat, Inc. Hibernate-validator — versions 5.3.x, 5.4.x, 5.2.x before 5.2.5 final
References
- RHSA-2017:2809 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2018:3817 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2018:2740 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2017:2810 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2018:2741 (x_refsource_REDHAT, vendor-advisory)
- 1039744 (vdb-entry, x_refsource_SECTRACK)
- RHSA-2018:2742 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2017:3458 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2017:2808 (x_refsource_REDHAT, vendor-advisory)
- 101048 (vdb-entry, x_refsource_BID)
Frequently asked questions
- What is CVE-2017-7536?
  CVE-2017-7536 is a vulnerability in Red Hat, Inc. Hibernate-validator, classified under CWE-592. Published 2018-01-10.
- Is CVE-2017-7536 known to be exploited?
  6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.