[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-7536":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":30,"aliases":31,"duplicate_of":9,"upstream":33,"downstream":34,"duplicates":61,"related":62,"reserved_at":9,"published_at":63,"modified_at":64,"state":65,"summary":66,"references_raw":74,"kevs":186,"epss":187,"epss_history":190,"metrics":456,"affected":469},"CVE-2017-7536","In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().",null,[11,23],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-470","Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')","The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-138","Reflection Injection",[],{"_key":24,"id":24,"name":25,"description":26,"type":15,"status":27,"abstraction":28,"likelihood_of_exploit":9,"capec":29},"CWE-592","DEPRECATED: Authentication Bypass Issues","This weakness has been deprecated because it covered redundant concepts already described in CWE-287.","Deprecated","Class",[],[],[32],"GHSA-xxgp-pcfc-3vgc",[],[35,37,39,41,43,45,47,49,51,53,55,57,59],{"_key":36},"UBUNTU-CVE-2017-7536",{"_key":38},"DEBIAN-CVE-2017-7536",{"_key":40},"RHSA-2017:2808",{"_key":42},"RHSA-2017:2809",{"_key":44},"RHSA-2017:3141",{"_key":46},"RHSA-2017:3454",{"_key":48},"RHSA-2017:3455",{"_key":50},"RHSA-2017:3458",{"_key":52},"RHSA-2018:2741",{"_key":54},"RHSA-2018:2742",{"_key":56},"RHSA-2018:2743",{"_key":58},"RHSA-2018:2927",{"_key":60},"RHSA-2017:2811",[],[],"2018-01-10T15:00:00.000Z","2024-09-16T17:32:38.135Z","Modified",{"cisa_kev":67,"cisa_ransomware":67,"cisa_vendor":9,"epss_severity":68,"epss_score":69,"severity":70,"severity_score":4,"severity_version":71,"severity_source":72,"severity_vector":73,"severity_status":65},false,"low",0.00127,"high","v3.1","nvd","CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",[75,84,88,92,96,100,107,111,115,119,124,128,132,136,140,144,148,152,158,164,169,173,177,181],{"url":76,"sources":77,"tags":80},"https://access.redhat.com/errata/RHSA-2017:2809",[78,72,79],"cve.org","osv_maven",[81,82,83],"Vendor Advisory","X Refsource REDHAT","WEB",{"url":85,"sources":86,"tags":87},"https://access.redhat.com/errata/RHSA-2018:3817",[78,72,79],[81,82,83],{"url":89,"sources":90,"tags":91},"https://access.redhat.com/errata/RHSA-2018:2740",[78,72,79],[81,82,83],{"url":93,"sources":94,"tags":95},"https://access.redhat.com/errata/RHSA-2017:2810",[78,72,79],[81,82,83],{"url":97,"sources":98,"tags":99},"https://access.redhat.com/errata/RHSA-2018:2741",[78,72,79],[81,82,83],{"url":101,"sources":102,"tags":103},"http://www.securitytracker.com/id/1039744",[78,72,79],[104,105,106,83],"VDB Entry","X Refsource SECTRACK","Third Party Advisory",{"url":108,"sources":109,"tags":110},"https://access.redhat.com/errata/RHSA-2018:2742",[78,72,79],[81,82,83],{"url":112,"sources":113,"tags":114},"https://access.redhat.com/errata/RHSA-2017:3458",[78,72,79],[81,82,83],{"url":116,"sources":117,"tags":118},"https://access.redhat.com/errata/RHSA-2017:2808",[78,72,79],[81,82,83],{"url":120,"sources":121,"tags":122},"http://www.securityfocus.com/bid/101048",[78,72,79],[104,123,106,83],"X Refsource BID",{"url":125,"sources":126,"tags":127},"https://access.redhat.com/errata/RHSA-2017:3455",[78,72,79],[81,82,83],{"url":129,"sources":130,"tags":131},"https://access.redhat.com/errata/RHSA-2018:2927",[78,72,79],[81,82,83],{"url":133,"sources":134,"tags":135},"https://access.redhat.com/errata/RHSA-2017:3456",[78,72,79],[81,82,83],{"url":137,"sources":138,"tags":139},"https://access.redhat.com/errata/RHSA-2018:2743",[78,72,79],[81,82,83],{"url":141,"sources":142,"tags":143},"https://access.redhat.com/errata/RHSA-2017:3454",[78,72,79],[81,82,83],{"url":145,"sources":146,"tags":147},"https://access.redhat.com/errata/RHSA-2017:3141",[78,72,79],[81,82,83],{"url":149,"sources":150,"tags":151},"https://access.redhat.com/errata/RHSA-2017:2811",[78,72,79],[81,82,83],{"url":153,"sources":154,"tags":155},"https://bugzilla.redhat.com/show_bug.cgi?id=1465573",[78,72,79],[156,157,81,83],"X Refsource CONFIRM","Issue Tracking",{"url":159,"sources":160,"tags":161},"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E",[78,72],[162,163],"Mailing List","X Refsource MLIST",{"url":165,"sources":166,"tags":167},"https://nvd.nist.gov/vuln/detail/CVE-2017-7536",[79],[168],"Advisory",{"url":170,"sources":171,"tags":172},"https://github.com/hibernate/hibernate-validator/commit/0886e89900d343ea20fde5137c9a3086e6da9ac",[79],[83],{"url":174,"sources":175,"tags":176},"https://github.com/hibernate/hibernate-validator/commit/0778a5c98b817771a645c6f4ba0b28dd8b5437b",[79],[83],{"url":178,"sources":179,"tags":180},"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E",[79],[83],{"url":182,"sources":183,"tags":184},"https://github.com/hibernate/hibernate-validator",[79],[185],"PACKAGE",[],{"date":188,"score":69,"percentile":189},"2026-06-04",0.31527,[191,195,198,201,204,207,210,213,216,219,222,225,228,231,234,238,241,244,247,250,253,256,259,261,264,267,270,273,276,279,282,285,288,290,293,296,299,302,305,308,311,314,317,320,323,326,329,332,335,338,341,344,347,350,353,356,358,361,364,367,370,373,376,379,382,385,388,391,393,396,399,401,403,406,409,411,414,417,420,423,426,429,432,435,438,441,444,447,450,453],{"date":192,"score":193,"percentile":194},"2025-11-04",0.00104,0.28998,{"date":196,"score":193,"percentile":197},"2025-11-05",0.2897,{"date":199,"score":193,"percentile":200},"2025-11-06",0.2898,{"date":202,"score":193,"percentile":203},"2025-11-07",0.28977,{"date":205,"score":193,"percentile":206},"2025-11-08",0.28979,{"date":208,"score":193,"percentile":209},"2025-11-09",0.28952,{"date":211,"score":193,"percentile":212},"2025-11-10",0.28932,{"date":214,"score":193,"percentile":215},"2025-11-11",0.28955,{"date":217,"score":193,"percentile":218},"2025-11-12",0.29003,{"date":220,"score":193,"percentile":221},"2025-11-13",0.29016,{"date":223,"score":193,"percentile":224},"2025-11-14",0.29011,{"date":226,"score":193,"percentile":227},"2025-11-15",0.29004,{"date":229,"score":193,"percentile":230},"2025-11-16",0.28973,{"date":232,"score":193,"percentile":233},"2025-11-17",0.28957,{"date":235,"score":236,"percentile":237},"2025-11-18",0.00082,0.20097,{"date":239,"score":236,"percentile":240},"2025-11-19",0.20111,{"date":242,"score":236,"percentile":243},"2025-11-20",0.20084,{"date":245,"score":193,"percentile":246},"2025-11-21",0.28994,{"date":248,"score":193,"percentile":249},"2025-11-22",0.29005,{"date":251,"score":193,"percentile":252},"2025-11-23",0.28971,{"date":254,"score":193,"percentile":255},"2025-11-24",0.28945,{"date":257,"score":193,"percentile":258},"2025-11-25",0.28939,{"date":260,"score":193,"percentile":258},"2025-11-26",{"date":262,"score":193,"percentile":263},"2025-11-27",0.28953,{"date":265,"score":193,"percentile":266},"2025-11-28",0.28925,{"date":268,"score":193,"percentile":269},"2025-11-29",0.28915,{"date":271,"score":193,"percentile":272},"2025-11-30",0.28894,{"date":274,"score":193,"percentile":275},"2025-12-01",0.28958,{"date":277,"score":193,"percentile":278},"2025-12-02",0.28983,{"date":280,"score":193,"percentile":281},"2025-12-03",0.28991,{"date":283,"score":193,"percentile":284},"2025-12-04",0.2891,{"date":286,"score":193,"percentile":287},"2025-12-05",0.28944,{"date":289,"score":193,"percentile":255},"2025-12-06",{"date":291,"score":193,"percentile":292},"2025-12-07",0.2892,{"date":294,"score":193,"percentile":295},"2025-12-08",0.28929,{"date":297,"score":193,"percentile":298},"2025-12-09",0.28988,{"date":300,"score":193,"percentile":301},"2025-12-10",0.29058,{"date":303,"score":193,"percentile":304},"2025-12-11",0.29087,{"date":306,"score":193,"percentile":307},"2025-12-12",0.29105,{"date":309,"score":193,"percentile":310},"2025-12-13",0.29103,{"date":312,"score":193,"percentile":313},"2025-12-14",0.29073,{"date":315,"score":193,"percentile":316},"2025-12-15",0.29043,{"date":318,"score":193,"percentile":319},"2025-12-16",0.29061,{"date":321,"score":193,"percentile":322},"2025-12-17",0.29116,{"date":324,"score":193,"percentile":325},"2025-12-18",0.29163,{"date":327,"score":193,"percentile":328},"2025-12-19",0.29177,{"date":330,"score":193,"percentile":331},"2025-12-20",0.29151,{"date":333,"score":193,"percentile":334},"2025-12-21",0.29104,{"date":336,"score":193,"percentile":337},"2025-12-22",0.29071,{"date":339,"score":193,"percentile":340},"2025-12-23",0.29044,{"date":342,"score":193,"percentile":343},"2025-12-24",0.29051,{"date":345,"score":193,"percentile":346},"2025-12-25",0.2912,{"date":348,"score":193,"percentile":349},"2025-12-26",0.29115,{"date":351,"score":193,"percentile":352},"2025-12-27",0.29111,{"date":354,"score":193,"percentile":355},"2025-12-28",0.2903,{"date":357,"score":193,"percentile":249},"2025-12-29",{"date":359,"score":193,"percentile":360},"2025-12-30",0.29002,{"date":362,"score":193,"percentile":363},"2025-12-31",0.29063,{"date":365,"score":193,"percentile":366},"2026-01-01",0.29183,{"date":368,"score":193,"percentile":369},"2026-01-02",0.29181,{"date":371,"score":193,"percentile":372},"2026-01-03",0.29161,{"date":374,"score":193,"percentile":375},"2026-01-04",0.29041,{"date":377,"score":193,"percentile":378},"2026-01-05",0.29035,{"date":380,"score":193,"percentile":381},"2026-01-06",0.29046,{"date":383,"score":193,"percentile":384},"2026-01-07",0.29077,{"date":386,"score":193,"percentile":387},"2026-01-08",0.29109,{"date":389,"score":193,"percentile":390},"2026-01-09",0.29098,{"date":392,"score":193,"percentile":304},"2026-01-10",{"date":394,"score":193,"percentile":395},"2026-01-11",0.29064,{"date":397,"score":193,"percentile":398},"2026-01-12",0.29017,{"date":400,"score":193,"percentile":246},"2026-01-13",{"date":402,"score":193,"percentile":316},"2026-01-14",{"date":404,"score":193,"percentile":405},"2026-01-15",0.29042,{"date":407,"score":193,"percentile":408},"2026-01-16",0.29065,{"date":410,"score":193,"percentile":408},"2026-01-17",{"date":412,"score":193,"percentile":413},"2026-01-18",0.29013,{"date":415,"score":193,"percentile":416},"2026-01-19",0.28978,{"date":418,"score":193,"percentile":419},"2026-01-20",0.28963,{"date":421,"score":193,"percentile":422},"2026-01-21",0.28904,{"date":424,"score":193,"percentile":425},"2026-01-22",0.28874,{"date":427,"score":193,"percentile":428},"2026-01-23",0.28948,{"date":430,"score":193,"percentile":431},"2026-01-24",0.28938,{"date":433,"score":193,"percentile":434},"2026-01-25",0.28861,{"date":436,"score":193,"percentile":437},"2026-01-26",0.28775,{"date":439,"score":193,"percentile":440},"2026-01-27",0.28757,{"date":442,"score":193,"percentile":443},"2026-01-28",0.28737,{"date":445,"score":193,"percentile":446},"2026-01-29",0.28694,{"date":448,"score":193,"percentile":449},"2026-01-30",0.2868,{"date":451,"score":193,"percentile":452},"2026-01-31",0.28681,{"date":454,"score":193,"percentile":455},"2026-02-01",0.28752,[457,467],{"source":72,"cvss_v2_0":458,"cvss_v3_0":9,"cvss_v3_1":463,"cvss_v4_0":9},{"baseScore":459,"baseSeverity":9,"vectorString":460,"impactScore":461,"exploitabilityScore":462},4.4,"AV:L/AC:M/Au:N/C:P/I:P/A:P",6.4,3.4,{"baseScore":4,"baseSeverity":464,"vectorString":73,"impactScore":465,"exploitabilityScore":466},"HIGH",9.8,2.6,{"source":79,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":468,"cvss_v4_0":9},{"baseScore":4,"baseSeverity":9,"vectorString":73,"impactScore":465,"exploitabilityScore":466},[470,493,504,519,531,536,541,546],{"ecosystem":471,"name":472,"vendor":473,"product":474,"cpe_part":9,"purl_type":475,"purl_namespace":473,"purl_name":474,"source":9,"versions":476},"Maven","org.hibernate:hibernate-validator","org.hibernate","hibernate-validator","maven",[477,485,489],{"version":478,"is_range":479,"range_type":480,"version_start":481,"version_start_type":482,"version_end":483,"version_end_type":484,"fixed_in":9},"gte5_2_0_lt5_2_5_Final",true,"ecosystem","5.2.0","including","5.2.5.Final","excluding",{"version":486,"is_range":479,"range_type":480,"version_start":487,"version_start_type":482,"version_end":488,"version_end_type":484,"fixed_in":9},"gte5_3_0_lt5_3_6_Final","5.3.0","5.3.6.Final",{"version":490,"is_range":479,"range_type":480,"version_start":491,"version_start_type":482,"version_end":492,"version_end_type":484,"fixed_in":9},"gte5_4_0_lt5_4_2_Final","5.4.0","5.4.2.Final",{"ecosystem":9,"name":474,"vendor":494,"product":474,"cpe_part":495,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":496},"red hat, inc.","a",[497,499,501],{"version":498,"is_range":67,"range_type":78,"version_start":498,"version_start_type":482,"version_end":498,"version_end_type":482,"fixed_in":9},"5.2.x before 5.2.5 final",{"version":500,"is_range":479,"range_type":78,"version_start":487,"version_start_type":482,"version_end":491,"version_end_type":484,"fixed_in":9},"5.3.x",{"version":502,"is_range":479,"range_type":78,"version_start":491,"version_start_type":482,"version_end":503,"version_end_type":484,"fixed_in":9},"5.4.x","5.5.0",{"ecosystem":9,"name":505,"vendor":506,"product":507,"cpe_part":495,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":508},"hibernate validator","redhat","hibernate_validator",[509,513,516],{"version":510,"is_range":479,"range_type":511,"version_start":481,"version_start_type":482,"version_end":512,"version_end_type":484,"fixed_in":9},"gte5.2.0_lt5.2.5","cpe","5.2.5",{"version":514,"is_range":479,"range_type":511,"version_start":487,"version_start_type":482,"version_end":515,"version_end_type":484,"fixed_in":9},"gte5.3.0_lt5.3.6","5.3.6",{"version":517,"is_range":479,"range_type":511,"version_start":491,"version_start_type":482,"version_end":518,"version_end_type":484,"fixed_in":9},"gte5.4.0_lt5.4.2","5.4.2",{"ecosystem":9,"name":520,"vendor":506,"product":521,"cpe_part":495,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":522},"jboss enterprise application platform","jboss_enterprise_application_platform",[523,525,527,529],{"version":524,"is_range":67,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.0",{"version":526,"is_range":67,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.4.0",{"version":528,"is_range":67,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0",{"version":530,"is_range":67,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.1",{"ecosystem":9,"name":532,"vendor":506,"product":532,"cpe_part":495,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":533},"satellite",[534],{"version":535,"is_range":67,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.4",{"ecosystem":9,"name":537,"vendor":506,"product":538,"cpe_part":495,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":539},"satellite capsule","satellite_capsule",[540],{"version":535,"is_range":67,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":542,"vendor":506,"product":542,"cpe_part":495,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":543},"virtualization",[544],{"version":545,"is_range":67,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0",{"ecosystem":9,"name":547,"vendor":506,"product":548,"cpe_part":495,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":549},"virtualization host","virtualization_host",[550],{"version":545,"is_range":67,"range_type":511,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9}]