hibernate-validator is vulnerable to privilege escalation attacks. When the security manager is used, its reflective permissions allow the access to private members.
www.securityfocus.com/bid/101048
www.securitytracker.com/id/1039744
access.redhat.com/errata/RHSA-2017:2808
access.redhat.com/errata/RHSA-2017:2809
access.redhat.com/errata/RHSA-2017:2810
access.redhat.com/errata/RHSA-2017:2811
access.redhat.com/errata/RHSA-2017:3141
access.redhat.com/errata/RHSA-2017:3454
access.redhat.com/errata/RHSA-2017:3455
access.redhat.com/errata/RHSA-2017:3456
access.redhat.com/errata/RHSA-2017:3458
access.redhat.com/errata/RHSA-2018:2740
access.redhat.com/errata/RHSA-2018:2741
access.redhat.com/errata/RHSA-2018:2742
access.redhat.com/errata/RHSA-2018:2743
access.redhat.com/errata/RHSA-2018:2927
access.redhat.com/errata/RHSA-2018:3817
bugzilla.redhat.com/show_bug.cgi?id=1465573
github.com/advisories/GHSA-xxgp-pcfc-3vgc
github.com/gunnarmorling
github.com/hibernate/hibernate-validator/commit/0886e89900d343ea20fde5137c9a3086e6da9ac9
github.com/hibernate/hibernate-validator/commit/cdada2013dd25b32688310f20b7702f7de539f96
hibernate.atlassian.net/browse/HV-1498
lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E