CVE-2025-35036
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-35036
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-35036.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-35036
- Aliases
- Downstream
- Published
- 2025-06-03T20:15:21Z
- Modified
- 2025-10-18T06:57:06.392804Z
- Severity
-
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
- Summary
- [none]
- Details
-
Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as of 6.2.0 and 7.0.0 no longer interpolates custom constraint violation messages with Expression Language and strongly recommends not allowing user-supplied input in constraint violation messages. CVE-2020-5245 and CVE-2025-4428 are examples of related, downstream vulnerabilities involving Expression Language intepolation of user-supplied data.
- References
-
- https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final
- https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1
- https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language
- https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e
- https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1
- https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78
- https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893
- https://github.com/hibernate/hibernate-validator/pull/1138
- https://hibernate.atlassian.net/browse/HV-1816
- https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext
- https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/
- https://www.cve.org/CVERecord?id=CVE-2020-5245
- https://www.cve.org/CVERecord?id=CVE-2025-4428
Affected packages
Git / github.com/hibernate/hibernate-validator
Affected ranges
- Type
- GIT
- Repo
- https://github.com/hibernate/hibernate-validator
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixedFixed
Affected versions
4.*
4.2.0.Beta1
4.2.0.Beta2
4.2.0.CR1
4.2.0.Final
4.3.0.Alpha1
4.3.0.Beta1
4.3.0.CR1
4.3.0.Final
5.*
5.0.0.Alpha1
5.0.0.Alpha2
5.0.0.Beta1
5.0.0.CR1
5.0.0.CR2
5.0.0.CR3
5.0.0.CR4
5.0.0.CR5
5.0.0.Final
5.0.1.Final
5.1.0.Alpha1
5.1.0.Beta1
5.1.0.CR1
5.1.0.Final
5.1.1.Final
5.2.0.Alpha1
5.2.0.Beta1
5.2.0.CR1
5.2.0.Final
5.2.1.Final
5.2.2.Final
5.3.0.Alpha1
6.*
6.0.0.Alpha1
6.0.0.Alpha2
6.0.0.Beta1
6.0.0.Beta2
6.0.0.CR1
6.0.0.CR2
6.0.0.CR3
6.0.1.Final
6.0.2.Final
6.0.3.Final
6.0.4.Final
6.0.5.Final
6.0.6.Final
6.0.7.Final
6.0.8.Final
6.0.9.Final
6.1.0.Alpha1
6.1.0.Alpha2
6.1.0.Alpha3
6.1.0.Alpha4
6.1.0.Alpha5
6.1.0.Alpha6
6.1.0.Final
6.1.1.Final
6.1.2.Final
6.1.3.Final
6.1.4.Final
6.1.5.Final
6.1.6.Final
7.*
7.0.0.Alpha1
7.0.0.Alpha2
7.0.0.Alpha3
7.0.0.Alpha4
7.0.0.Alpha5
7.0.0.Alpha6
Other
pre-validator3-removal
Database specific
vanir_signatures
[
{
"id": "CVE-2025-35036-0334899a",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/test/java/org/hibernate/validator/test/internal/engine/messageinterpolation/ExpressionLanguageMessageInterpolationTest.java",
"function": "testExpressionLanguageGraphNavigation"
},
"digest": {
"function_hash": "53132354848921653279240027062658959689",
"length": 385.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-06a9fa0b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "engine/src/test/java/org/hibernate/validator/test/internal/engine/messageinterpolation/ResourceBundleMessageInterpolatorTest.java"
},
"digest": {
"line_hashes": [
"328843621724750911045197382627416352944",
"63462871454512816524441712637456389165",
"141495136267102090788741310730808188435",
"300226353204490617335826773033150457851"
],
"threshold": 0.9
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-0a26aaaa",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/constraintvalidation/ConstraintValidatorContextImpl.java",
"function": "addBeanNode"
},
"digest": {
"function_hash": "118961829237676041157907882110933172681",
"length": 122.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-1778ad92",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/constraintvalidation/ConstraintViolationCreationContext.java"
},
"digest": {
"line_hashes": [
"252976711605015100770589015207773339525",
"81612213826420689844617027361441926903",
"49842335275290622389380060669589282428",
"319511715499858770114531143619659726007",
"259161331718843706623118696590637806126",
"339239629288093485293896332514725614522",
"293247054999456889140532142176326152637",
"280753267405149529550899253669453402",
"278127830019826735559980297374235412415",
"7814232471475039296559063841335433329",
"242353338176685517733360769221301728786",
"108030884702838902059490566966704441784",
"273965060529734127197509964326947221189",
"112086653303994890717802167219725005404",
"293465200423660725388487217632307300341",
"252847525410677531402796531687400413884",
"145200491789580825992072777165995408283",
"174022087838843045563444434812901968055",
"333811806111647211646730250574373526345",
"77517983090291356066623063516793040620",
"45053727969367004905597851148198418050",
"157700001041495746771420018243400828225",
"98977356859280886952677950292432705533",
"91969324070293694164244086277185274772"
],
"threshold": 0.9
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-1870c33c",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/constraintvalidation/ConstraintValidatorContextImpl.java",
"function": "addPropertyNode"
},
"digest": {
"function_hash": "101539442712769972547130497967522792860",
"length": 124.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-18f1e0e9",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/test/java/org/hibernate/validator/test/internal/engine/messageinterpolation/MessageInterpolatorContextTest.java",
"function": "testUnwrapToInterfaceTypesSucceeds"
},
"digest": {
"function_hash": "182463512985423025305762632926139476296",
"length": 389.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-1b0ec8dc",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/test/java/org/hibernate/validator/test/internal/engine/constraintvalidation/HibernateConstraintValidatorContextTest.java",
"function": "isValid"
},
"digest": {
"function_hash": "320186364514718432697513677683025519954",
"length": 444.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-225af0bf",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/test/java/org/hibernate/validator/test/internal/engine/messageinterpolation/ExpressionLanguageMessageInterpolationTest.java",
"function": "createMessageInterpolatorContext"
},
"digest": {
"function_hash": "322069844497792354756450850256853128732",
"length": 178.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-24211891",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/constraintvalidation/CrossParameterConstraintValidatorContextImpl.java"
},
"digest": {
"line_hashes": [
"38387867936390533170739482806854675986",
"277321435862514444981217096200225475611",
"155699438179952175279533588621241577934",
"268659563863049063498954337646863976804",
"242580364352010022366276071683865433950",
"223799848846861403431345878726891664947",
"131615149295265332088374276846106234545"
],
"threshold": 0.9
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-242aacce",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/constraintvalidation/ConstraintViolationCreationContext.java",
"function": "toString"
},
"digest": {
"function_hash": "150215448806144444760597034261810687753",
"length": 519.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-25a0d21f",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/constraintvalidation/HibernateConstraintValidatorContext.java"
},
"digest": {
"line_hashes": [
"236168143812879097945867485292420371215",
"85255378519784850102402222423277699163",
"147870071914341896662213355040564633787"
],
"threshold": 0.9
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-26c427d3",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/test/java/org/hibernate/validator/test/internal/engine/messageinterpolation/ExpressionLanguageMessageInterpolationTest.java",
"function": "testUnknownPropertyInExpressionLanguageGraphNavigation"
},
"digest": {
"function_hash": "229479361117463535132352275601934296276",
"length": 375.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-2f410e7c",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "documentation/src/test/java/org/hibernate/validator/referenceguide/chapter06/elinjection/UnsafeValidator.java"
},
"digest": {
"line_hashes": [
"71997551215374492701240441375373535142",
"334588399728132077406397388111123997322",
"180769157430490928547612731158416404773",
"172716599806094832014954327183198626689",
"339997432328581059295834434718484566592",
"92257132658430021619774163274698172540",
"206846247734176531354044275749100357552"
],
"threshold": 0.9
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-34741425",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/test/java/org/hibernate/validator/test/internal/engine/messageinterpolation/MessageInterpolatorContextTest.java",
"function": "testContextWithRightDescriptorAndValueAndRootBeanClassIsPassedToMessageInterpolator"
},
"digest": {
"function_hash": "71637865267256942841001217981165246639",
"length": 772.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-38e3da6f",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/test/java/org/hibernate/validator/test/internal/engine/messageinterpolation/ResourceBundleMessageInterpolatorTest.java",
"function": "createMessageInterpolatorContext"
},
"digest": {
"function_hash": "322069844497792354756450850256853128732",
"length": 178.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-39065153",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/MessageInterpolatorContext.java",
"function": "toString"
},
"digest": {
"function_hash": "4310262439267592431776672412182088352",
"length": 619.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-4066d9c7",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/validationcontext/AbstractValidationContext.java"
},
"digest": {
"line_hashes": [
"146538989472556694872644078381621540727",
"93957680064760391513887592786260703683",
"18547144624469823422831169379288852720",
"23288580173192040452721356395902236592",
"76245036524336187015558907145919654287",
"155224907965182792173992255524558754890",
"222776808182164393411845750109986717056",
"230983729658282625490425648206599689076",
"109134630767748083164924505394973829891",
"173399126517783300557384777411789144662",
"106710059736167581041252931728841451324",
"289561740505808665574619345874885776409"
],
"threshold": 0.9
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-42773c63",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/constraintvalidation/ConstraintValidatorContextImpl.java",
"function": "DeferredNodeBuilder"
},
"digest": {
"function_hash": "114707050059878911044539726957396659871",
"length": 242.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-4bc777dd",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/test/java/org/hibernate/validator/test/internal/engine/messageinterpolation/MessageInterpolatorContextTest.java",
"function": "testUnwrapToImplementationCausesValidationException"
},
"digest": {
"function_hash": "284676188077209406983594222499073673930",
"length": 205.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-4cbe6a35",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "engine/src/test/java/org/hibernate/validator/test/internal/engine/constraintvalidation/HibernateConstraintValidatorContextTest.java"
},
"digest": {
"line_hashes": [
"192828133449171881287463534589596795672",
"258782749775617411577040580106295970292",
"181902101250175773934068675381500017644",
"321709463476339444363871647378776688203",
"219633620606923864528224774560746356427",
"137396512183191255767189036374300641803",
"340043999535238494663328363655145455363",
"189411554704779852633545860535602107822",
"83377909607897282877370548333793618540",
"272049234783027564629473693106447009741",
"36340731665768782122641646400052862703",
"23656731540633392009836219130248949407",
"274434896181436751731068125547618711798",
"199578658123826124742020656340344671093",
"178609634567605380351829726497567152655",
"248302705073372134222860494100845987732",
"292263653538384450957498607611727807485",
"117918414250858640740583120275892563607",
"131689720518313166178824819492137175001",
"115788208836197059236013001401395563458",
"239245146730443647901482247242316309105",
"218953132037519565898096568834106767477"
],
"threshold": 0.9
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-51c3814f",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/constraintvalidation/ConstraintValidatorContextImpl.java"
},
"digest": {
"line_hashes": [
"75302642506013021970712017376565027409",
"191188447316302118228476633949073592138",
"31275596414752950564517468886334588453",
"282836842835265232366134297415486464729",
"326936698411891024112123492443571248463",
"169460484818618500679107837722436585925",
"152084696911754190919607957651823581034",
"113123727749761915198677850517317356482",
"60356947884909002159994241602263691268",
"174136667918840552496084160114728399386",
"283583674791811165359963811413306723130",
"280601835140757829637902263153536422684",
"339422170566771737652753061405619268344",
"205257326508397133840032269600947825206",
"97253006237033444358101051894404037437",
"220127976337202531064535311784018383431",
"242567758318819521194051089381381231158",
"827583641954826408725973861798097259",
"260141924113731937941573792499389912036",
"331415050944224993939248709078234341606",
"244727511195693283132532700656563418598",
"208875714768334822320780324127799252355",
"12414599282022076191343679618406202708",
"82189523761378525101981258843582436271",
"154986682181421223678096699976597531953",
"236580211557739289320736835675400859995",
"255221682464702952019928206880297597854",
"85387439296524535363464166332041677975",
"235222027269842621263662902414665630540",
"223090978164590468018489773816618281294",
"215348170940134901037612345055721887694",
"47171478230201316715340225157233624603",
"295507822992340555665116211115173673000",
"255682960820961492761707945148051376349",
"202619927385443025888550000205629602991",
"130597026911134893839103313961631339635",
"232757370692693366033070411402436942409",
"190381578794853372406803747438922908621",
"90418769186905964937368262793683170668",
"290543081323550566131877888049260841984",
"29184955742051900075580115682616317405",
"59052985948365669429312443058598524922",
"134918437737490118595302175678859777712",
"328589382416254929997587084391824345708",
"283701304722794681007752194271924987530",
"317905187721522973159963376424122588498",
"202619927385443025888550000205629602991",
"130597026911134893839103313961631339635",
"232757370692693366033070411402436942409",
"190381578794853372406803747438922908621",
"231204098947254908987699510524363838902",
"181888580651923405711423293017521988475",
"207796908118009688939038850298379792920",
"270215019285169412499494619287592048073",
"244804520369314259372998435965307769206",
"245180044563592485670673967694225057295",
"174177918938392751540310330956420948991",
"18504598670090203667605085496343132651",
"103211439212251734576588319578040713678",
"80387469855402904399937620223505890037",
"239064737386540178080514791282287473943",
"148813715201601151871145886087473314974",
"3502120077593174801766497001031956612",
"322207816760354314471492089254956718936",
"109072954989990454236436583214161400403",
"34313797698041476438121789688852324244",
"300357530430681973254265212713373396268",
"24913105452903778428539774032335289407",
"300627727587377030358333575488301676792",
"93442554700554637999098012225139235266",
"259397406907559618784772251615916282907",
"312327247692457646473290009332678721671",
"218436165320707701305239756706021622934",
"260001261463809818104905026199932748107",
"49721923595058342406119535458742375785",
"221185247011306936228648385686821868551",
"44456892691650776400508465087198708450",
"335178929986624545512801132637134004509",
"217216118416563071663043603791245666060",
"153776234851753381140079012350225687379",
"329531097348534137518141079115390052400"
],
"threshold": 0.9
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-52b51e25",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/constraintvalidation/ConstraintViolationCreationContext.java",
"function": "ConstraintViolationCreationContext"
},
"digest": {
"function_hash": "245012254926244949103702528907088192501",
"length": 168.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-5701bd40",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/ValidatorFactoryConfigurationHelper.java",
"function": "determineGetterPropertySelectionStrategy"
},
"digest": {
"function_hash": "22496283116615380084080871322112798781",
"length": 671.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1"
},
{
"id": "CVE-2025-35036-6d42f3c9",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/messageinterpolation/HibernateMessageInterpolatorContext.java"
},
"digest": {
"line_hashes": [
"110923543789640694883415724689512853842",
"241583813382439228929298350693446472778"
],
"threshold": 0.9
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-6eebda3e",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/constraintvalidation/ConstraintValidatorContextImpl.java",
"function": "getDefaultConstraintViolationCreationContext"
},
"digest": {
"function_hash": "253530458490350894339114507089905577635",
"length": 284.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-74135114",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/test/java/org/hibernate/validator/test/internal/engine/messageinterpolation/ExpressionLanguageMessageInterpolationTest.java",
"function": "testCallingWrongFormatterMethod"
},
"digest": {
"function_hash": "81972612243982897692564037740107213401",
"length": 485.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-744ca6d5",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "engine/src/test/java/org/hibernate/validator/test/internal/engine/messageinterpolation/MessageInterpolatorContextTest.java"
},
"digest": {
"line_hashes": [
"141487912576755250126723616282138324425",
"36191677921575582579633968704697316549",
"310651499640288541905818109723176940118",
"335589872587221461480851734037017190523",
"100377945753545133392699240077287868123",
"234849947919067234173653139607424279813",
"238579143017607923819741045211000168907",
"56655715071936057179783438160948892837",
"211308299250145993964318369928031834268",
"188808449386523985836594909695718271476",
"109556309760996444458024936896141265390",
"250830822603696007956660033533563289698",
"312337018663294427240162436172812885009",
"38425689923588914145809079519403695212",
"60446806153132283673683867357652881362",
"339633595265030056398567319609999272679",
"288641536012936788037713063913160237937",
"121664340551973461082882307195728991220",
"278881713734445938333894053427460350329",
"234664967641115437495724262157101777479",
"180514103894426503246423074722215548083"
],
"threshold": 0.9
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-7e6bfe6e",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/MessageInterpolatorContext.java",
"function": "MessageInterpolatorContext"
},
"digest": {
"function_hash": "321987572718987299023939602142287973014",
"length": 262.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-802c4380",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/constraintvalidation/ConstraintValidatorContextImpl.java",
"function": "addContainerElementNode"
},
"digest": {
"function_hash": "75031943349832346977188032822730056167",
"length": 158.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-894a84aa",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/ValidatorFactoryConfigurationHelper.java",
"function": "determineBeanMetaDataClassNormalizer"
},
"digest": {
"function_hash": "196033088981482505071389232797826295625",
"length": 130.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1"
},
{
"id": "CVE-2025-35036-8a036c6d",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "documentation/src/test/java/org/hibernate/validator/referenceguide/chapter06/elinjection/SafeValidator.java"
},
"digest": {
"line_hashes": [
"83069611283624432938652182100144968714",
"52410910449237198571242435955694478072",
"250975853427854872224079438918835633901",
"131627098810617914443333323116896571899"
],
"threshold": 0.9
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-8afb9386",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/validationcontext/AbstractValidationContext.java",
"function": "addConstraintFailure"
},
"digest": {
"function_hash": "288772436263012493430397418477259601254",
"length": 370.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-8c3a32f9",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "engine/src/test/java/org/hibernate/validator/test/internal/engine/messageinterpolation/ExpressionLanguageMessageInterpolationTest.java"
},
"digest": {
"line_hashes": [
"44425713172553827314140862050185935303",
"258042919126549078072520715273470492957",
"309885182070036018117122406899521721678",
"328843621724750911045197382627416352944",
"256767799739813710009047963696459729059",
"40091213280098738043534143067876578242",
"37858878387282234424930161632719683833",
"328843621724750911045197382627416352944",
"143172787547419409215966138949155502496",
"21427931175884628912028086446254785894",
"112189258257602030906363422154801821802",
"328843621724750911045197382627416352944",
"83568797761224147036484295702934915792",
"197042291001205135927595771985428220194",
"198814716146440263825942372375617596306",
"328843621724750911045197382627416352944",
"57568660982679153168210582187108385188",
"57417526255925641604279271166568090900",
"237225020840227858833518252541006142816",
"328843621724750911045197382627416352944",
"63462871454512816524441712637456389165",
"297290554367787698656349876070332377462"
],
"threshold": 0.9
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-9376a80f",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/constraintvalidation/ConstraintValidatorContextImpl.java",
"function": "addConstraintViolation"
},
"digest": {
"function_hash": "182086881255693514583832724558011700261",
"length": 514.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-9583359d",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/ValidatorFactoryConfigurationHelper.java"
},
"digest": {
"line_hashes": [
"300508920332376846227292194512892751279",
"293229380553587770168195937527710720953",
"98719507562942298765770930828045545608",
"30779778829022247796263093577854660258",
"149177095483548240214520711492150855707",
"100671570546248295997671331900354552194",
"8399705681764756983382493063927686752",
"48307567701072880923167990421117396641",
"63104721597028361712218511251603430504",
"29991020944209829490063779004517234313",
"36790903345555824160024909389473116911",
"32255667107180162032086822684291292810",
"11830285366136646454119135187991724607",
"165705029323554438772806123553767859675",
"157458670475047157876174661302323466807",
"89472979370002872438240086455737397558",
"79967878231520499940593594254935225910",
"141564700687590939048540240335316259145",
"35159135555249925748131976404832423062",
"279890629253226645980772479764797734825",
"130476103047549705179310112799699359775",
"230114624849757049758722275797276927823",
"83752894769842327037381192240342773450",
"14892274544760176178005121579911613123"
],
"threshold": 0.9
},
"source": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1"
},
{
"id": "CVE-2025-35036-960db5d5",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/constraintvalidation/ConstraintValidatorContextImpl.java",
"function": "addBeanNode"
},
"digest": {
"function_hash": "275652114291157372530015732940304659704",
"length": 107.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-98cd9faf",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/constraintvalidation/ConstraintValidatorContextImpl.java",
"function": "addContainerElementNode"
},
"digest": {
"function_hash": "246938003449818050080012172225799269922",
"length": 143.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-993a1ede",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/MessageInterpolatorContext.java"
},
"digest": {
"line_hashes": [
"79146815997352389213525901249184182964",
"312613274379572972531238141275071643354",
"21242178813967657957240001781074793938",
"207495576159389886537827867810243661805",
"234231925671442658754026083141994932411",
"131530756527217823436809021114966268124",
"62096949600491697021977440434675967343",
"129159135180131998985333932217494913441",
"228748236975162336095843322576349570047",
"302682607306612269766217297397768216566",
"35246827927653820391998359832603085540",
"104095751116485574523123755926166582209",
"29331507241852163421685481145321137986",
"210771485777753933853398869254759030773",
"221719447708709642718196799221664576925",
"91669312958107889278626788734146669018",
"45288154317212400902133119833496776388",
"116616783052624454758739117334616353192",
"16797255232932359414861683676904886426",
"24091121871561732578608309881457133031",
"303988681080770247937197768309820339192",
"270483488507467513726693011156853947430",
"79091752493553847806907672888850059932"
],
"threshold": 0.9
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-99fd5767",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/test/java/org/hibernate/validator/test/internal/engine/messageinterpolation/ExpressionLanguageMessageInterpolationTest.java",
"function": "testLocaleBasedFormatting"
},
"digest": {
"function_hash": "100621570027044874434687083268271006005",
"length": 561.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-9f0191c7",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/ValidatorFactoryConfigurationHelper.java",
"function": "determineLocaleResolver"
},
"digest": {
"function_hash": "35143339927858444071186802379749373898",
"length": 633.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1"
},
{
"id": "CVE-2025-35036-a5e02d89",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/constraintvalidation/ConstraintValidatorContextImpl.java",
"function": "DeferredNodeBuilder"
},
"digest": {
"function_hash": "255450829795776674549810895914813506316",
"length": 229.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-a7fe350a",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/validationcontext/AbstractValidationContext.java",
"function": "interpolate"
},
"digest": {
"function_hash": "197322020073140837079903820087008160959",
"length": 370.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-afc439f9",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "documentation/src/test/java/org/hibernate/validator/referenceguide/chapter06/elinjection/SafeValidator.java",
"function": "isValid"
},
"digest": {
"function_hash": "77300442245723970462611723788490232703",
"length": 336.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-b1514aa5",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/test/java/org/hibernate/validator/test/internal/engine/messageinterpolation/MessageInterpolatorContextTest.java",
"function": "testGetPropertyPath"
},
"digest": {
"function_hash": "171530886758935807821933684758464826112",
"length": 282.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-be01d4e6",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/constraintvalidation/ConstraintValidatorContextImpl.java",
"function": "addBeanNode"
},
"digest": {
"function_hash": "275652114291157372530015732940304659704",
"length": 107.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-c83166f8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/ValidatorFactoryConfigurationHelper.java",
"function": "determineCustomViolationExpressionLanguageFeatureLevel"
},
"digest": {
"function_hash": "209019870719797936976058663190231917796",
"length": 528.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1"
},
{
"id": "CVE-2025-35036-d17e19ab",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/constraintvalidation/ConstraintViolationCreationContext.java",
"function": "ConstraintViolationCreationContext"
},
"digest": {
"function_hash": "332628535923395954660255908781981696903",
"length": 232.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-d3ca4f84",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "documentation/src/test/java/org/hibernate/validator/referenceguide/chapter06/elinjection/UnsafeValidator.java",
"function": "isValid"
},
"digest": {
"function_hash": "263240472940749380765318663146303295178",
"length": 242.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-df9f39ca",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/test/java/org/hibernate/validator/test/internal/engine/messageinterpolation/MessageInterpolatorContextTest.java",
"function": "testGetRootBeanType"
},
"digest": {
"function_hash": "310933027154874388180006298246625639129",
"length": 269.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-e10ea482",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/util/logging/Log.java"
},
"digest": {
"line_hashes": [
"24306329563981798343797185915355204008",
"41415106509983374281324708908786810329"
],
"threshold": 0.9
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-e700dfb5",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/ValidatorFactoryConfigurationHelper.java",
"function": "determinePropertyNodeNameProvider"
},
"digest": {
"function_hash": "133691556326701045838224880619560621574",
"length": 657.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1"
},
{
"id": "CVE-2025-35036-e8b0fcb9",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/constraintvalidation/ConstraintValidatorContextImpl.java",
"function": "addPropertyNode"
},
"digest": {
"function_hash": "328199606188430503672231761461557394831",
"length": 139.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-eda3d838",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/constraintvalidation/ConstraintValidatorContextImpl.java",
"function": "addContainerElementNode"
},
"digest": {
"function_hash": "75031943349832346977188032822730056167",
"length": 158.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-f2fe63ac",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/messageinterpolation/AbstractMessageInterpolator.java"
},
"digest": {
"line_hashes": [
"150091159088893480374004662103753937770",
"149776191808360603237250178051016251172",
"192900778300729176162790019297947890108",
"73448638037801557412208459045151419391",
"337083005188681222142112405731205839778",
"318781136323828133990591087597934345129",
"56331472911362572563310142999012351559",
"276940979896077165260905938238864837326"
],
"threshold": 0.9
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-f84abbf7",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/messageinterpolation/AbstractMessageInterpolator.java",
"function": "interpolateMessage"
},
"digest": {
"function_hash": "185537251007954464180686692451563955467",
"length": 701.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"id": "CVE-2025-35036-fb060a85",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/ValidatorFactoryConfigurationHelper.java",
"function": "determineConstraintExpressionLanguageFeatureLevel"
},
"digest": {
"function_hash": "1765656540626946753989912374371144364",
"length": 546.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1"
},
{
"id": "CVE-2025-35036-ff83e445",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "engine/src/main/java/org/hibernate/validator/internal/engine/constraintvalidation/ConstraintValidatorContextImpl.java",
"function": "addPropertyNode"
},
"digest": {
"function_hash": "328199606188430503672231761461557394831",
"length": 139.0
},
"source": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
}
]