npm package
generator-jhipster-kotlin
pkg:npm/generator-jhipster-kotlin
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-4072 | — | >= 1.6.0, < 1.7.0 | 1.7.0 | Jun 25, 2020 | In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117. | ||
| CVE-2019-16303 | — | < 1.2.0 | 1.2.0 | Sep 13, 2019 | A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own password reset URL) to compute the |
- CVE-2020-4072Jun 25, 2020affected >= 1.6.0, < 1.7.0fixed 1.7.0
In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.
- CVE-2019-16303Sep 13, 2019affected < 1.2.0fixed 1.2.0
A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own password reset URL) to compute the