Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.hibernate/hibernate-validator@5.0.3.Final

Type maven

Namespace org.hibernate

Name hibernate-validator

Version 5.0.3.Final

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.1.2

Latest_non_vulnerable_version 7.0.0.CR1

Affected_by_vulnerabilities

url VCID-42gy-y5t3-8kax

vulnerability_id VCID-42gy-y5t3-8kax

summary

JSM bypass via ReflectionHelper
This package allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1285.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1285.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1286.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1286.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1287.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1287.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1288.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1288.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-0125.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-0125.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-0720.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-0720.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3558.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3558.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3558

reference_id

reference_type

scores

value	0.00532
scoring_system	epss
scoring_elements	0.67631
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3558

reference_url

https://github.com/hibernate/hibernate-validator

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hibernate/hibernate-validator

reference_url

https://github.com/hibernate/hibernate-validator/commit/2c95d4ea0ef20977be249e31a4a4f4f4f71c945d

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hibernate/hibernate-validator/commit/2c95d4ea0ef20977be249e31a4a4f4f4f71c945d

reference_url

https://github.com/hibernate/hibernate-validator/commit/67fdff14831c035c25e098fe14bd86523d17f726

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hibernate/hibernate-validator/commit/67fdff14831c035c25e098fe14bd86523d17f726

reference_url

https://github.com/hibernate/hibernate-validator/commit/7e7131939a4361a7cad3e77ab89a8462132c561c

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hibernate/hibernate-validator/commit/7e7131939a4361a7cad3e77ab89a8462132c561c

reference_url

https://github.com/hibernate/hibernate-validator/commit/c489416f699a46859c134796b3ccfea41ef3ce52

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hibernate/hibernate-validator/commit/c489416f699a46859c134796b3ccfea41ef3ce52

reference_url

https://github.com/hibernate/hibernate-validator/commit/c9525ca544b1281e2b7c7347e86e87c86dc1dc6e

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hibernate/hibernate-validator/commit/c9525ca544b1281e2b7c7347e86e87c86dc1dc6e

reference_url

https://github.com/hibernate/hibernate-validator/commit/e8c42b689df8c6752d635d02c6518da3fece3870

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hibernate/hibernate-validator/commit/e8c42b689df8c6752d635d02c6518da3fece3870

reference_url

https://github.com/hibernate/hibernate-validator/commit/f97c2021a03c825abdeca1692f5be51e77e76a8f

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hibernate/hibernate-validator/commit/f97c2021a03c825abdeca1692f5be51e77e76a8f

reference_url

https://github.com/hibernate/hibernate-validator/commit/fd4eaed7fb930db6a5e4c03742b4b3adcfecc90e

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hibernate/hibernate-validator/commit/fd4eaed7fb930db6a5e4c03742b4b3adcfecc90e

reference_url

https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml

reference_url

https://hibernate.atlassian.net/browse/HV-912

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://hibernate.atlassian.net/browse/HV-912

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3558

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3558

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1120495
reference_id	1120495
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1120495

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762690
reference_id	762690
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762690

reference_url	https://bugzilla.redhat.com/CVE-2014-3558
reference_id	CVE-2014-3558
reference_type
scores
url	https://bugzilla.redhat.com/CVE-2014-3558

reference_url	https://access.redhat.com/errata/RHSA-2014:1285
reference_id	RHSA-2014:1285
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1285

reference_url	https://access.redhat.com/errata/RHSA-2014:1286
reference_id	RHSA-2014:1286
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1286

reference_url	https://access.redhat.com/errata/RHSA-2014:1287
reference_id	RHSA-2014:1287
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1287

reference_url	https://access.redhat.com/errata/RHSA-2014:1288
reference_id	RHSA-2014:1288
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1288

reference_url	https://access.redhat.com/errata/RHSA-2015:0125
reference_id	RHSA-2015:0125
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0125

reference_url	https://access.redhat.com/errata/RHSA-2015:0234
reference_id	RHSA-2015:0234
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0234

reference_url	https://access.redhat.com/errata/RHSA-2015:0235
reference_id	RHSA-2015:0235
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0235

reference_url	https://access.redhat.com/errata/RHSA-2015:0720
reference_id	RHSA-2015:0720
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0720

fixed_packages

url	pkg:maven/org.hibernate/hibernate-validator@5.1.2
purl	pkg:maven/org.hibernate/hibernate-validator@5.1.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-validator@5.1.2

url pkg:maven/org.hibernate/hibernate-validator@5.2.1.Final

purl pkg:maven/org.hibernate/hibernate-validator@5.2.1.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-pzcv-q79p-nbd5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-validator@5.2.1.Final

aliases CVE-2014-3558, GHSA-845h-985r-jrqh

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-42gy-y5t3-8kax

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.hibernate/hibernate-validator@5.0.3.Final

Package Instance