- EPSS 0.04%
- Published 25.07.2025 13:15:29
- Last modified 04.08.2025 12:15:26
JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon registering in the JHipster portal and logging in as a standard user, the authorities parameter in the response from the api/account endpoint contains the ...
CVE-2015-20110
- EPSS 0.21%
- Published 31.10.2023 03:15:07
- Last modified 21.11.2024 02:26:34
JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing t...
CVE-2019-16303
- EPSS 1.9%
- Published 14.09.2019 00:15:10
- Last modified 21.11.2024 04:30:29
A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own pass...