Versions of generator-jhipster use a Cryptographically Weak PRNG that may lead to account takeover. The package uses a cryptographically insecure method to generate password reset links, which allows an attacker to guess password reset links and take over accounts.
Update to version 6.3.0 or later.
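
The weak-versus-secure distinction for reset keys, as an added Node.js illustration that is not code from generator-jhipster or the applications it generates. The function names, the 32-character key length, the one-hour lifetime and the in-memory `Map` store are assumptions made for the example.

```javascript
// Added illustration (Node.js); not code from generator-jhipster or its generated apps.
const { randomInt, createHash, timingSafeEqual } = require('node:crypto');

const ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
const KEY_LENGTH = 32;            // assumed length: 32 chars * log2(62) ≈ 190 bits
const TTL_MS = 60 * 60 * 1000;    // assumed lifetime: one hour

// Weak pattern, for contrast only: Math.random() is not a CSPRNG, so its
// output can be predictable to someone who observes other generated keys.
function weakResetKey() {
  let key = '';
  for (let i = 0; i < KEY_LENGTH; i++) {
    key += ALPHABET[Math.floor(Math.random() * ALPHABET.length)];
  }
  return key;
}

// Hardened: crypto.randomInt draws from a CSPRNG and avoids modulo bias.
function strongResetKey() {
  let key = '';
  for (let i = 0; i < KEY_LENGTH; i++) key += ALPHABET[randomInt(ALPHABET.length)];
  return key;
}

const sha256 = (s) => createHash('sha256').update(s, 'utf8').digest();

// Issue a key: the caller mails `key`; only its digest and expiry are stored,
// so a leaked store does not reveal usable reset links.
function issueReset(store, userId, now = Date.now()) {
  const key = strongResetKey();
  store.set(userId, { digest: sha256(key), expires: now + TTL_MS });
  return key;
}

// Redeem a key: constant-time digest comparison, expiry check, single use.
function redeemReset(store, userId, presented, now = Date.now()) {
  const rec = store.get(userId);
  if (!rec || typeof presented !== 'string') return false;
  const ok = timingSafeEqual(rec.digest, sha256(presented)) && now <= rec.expires;
  if (ok) store.delete(userId);
  return ok;
}
```
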
CPE:

Name | Operator | Version |
---|---|---|
generator-jhipster | lt | 6.3.0 |