VYPR

npm package

generator-jhipster-kotlin

pkg:npm/generator-jhipster-kotlin

Vulnerabilities (2)

  • CVE-2020-4072Jun 25, 2020
    affected >= 1.6.0, < 1.7.0fixed 1.7.0

    In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.

  • CVE-2019-16303Sep 13, 2019
    affected < 1.2.0fixed 1.2.0

    A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own password reset URL) to compute the