npm package
generator-jhipster
pkg:npm/generator-jhipster
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-43712 | Low | 2.9 | — | < 8.9.0 | 8.9.0 | Jul 25, 2025 | JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon registering in the JHipster portal and logging in as a standard user, the authorities parameter in the response from the api/account endpoint contains the value ROLE_USER. By manipulati |
| CVE-2015-20110 | — | — | — | < 2.23.0 | 2.23.0 | Oct 31, 2023 | JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course dras |
| CVE-2022-24815 | — | — | — | >= 7.0.0, < 7.8.1 | 7.8.1 | Apr 11, 2022 | JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using r2db |