All versions of generator-jhipster-kotlin use a cryptographically weak PRNG that may lead to account takeover. The package uses a cryptographically insecure method to generate password reset links, which allows an attacker to guess password reset links and take over accounts.
No fix is currently available. Consider using an alternative package until a fix is made available.
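The difference between a weak and a cryptographically secure reset-key generator, shown as an added Kotlin example that is not code from generator-jhipster-kotlin or from the applications it generates. It assumes `java.util.Random` as a representative weak PRNG, and all function and class names are hypothetical.

```kotlin
import java.security.MessageDigest
import java.security.SecureRandom
import java.time.Duration
import java.time.Instant
import java.util.Base64
import java.util.Random

// Added illustration: every name below is hypothetical, not the package's code.

// Weak pattern: java.util.Random is a linear congruential generator whose
// entire output stream is determined by a 48-bit seed.
fun weakResetKey(rng: Random): String {
    val alphabet = "0123456789abcdefghijklmnopqrstuvwxyz"
    return (1..20).map { alphabet[rng.nextInt(alphabet.length)] }.joinToString("")
}

private val csprng = SecureRandom()

// Hardened pattern: 256 bits from the platform CSPRNG, URL-safe encoded.
fun secureResetKey(): String {
    val bytes = ByteArray(32)
    csprng.nextBytes(bytes)
    return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes)
}

class ResetRecord(val keyHash: ByteArray, val expiresAt: Instant)

fun sha256(s: String): ByteArray =
    MessageDigest.getInstance("SHA-256").digest(s.toByteArray(Charsets.UTF_8))

// Persist only a hash of the key and an expiry; the key itself goes in the link.
fun issue(now: Instant, ttl: Duration = Duration.ofMinutes(30)): Pair<String, ResetRecord> {
    val key = secureResetKey()
    return key to ResetRecord(sha256(key), now.plus(ttl))
}

// Reject expired keys and compare hashes in constant time.
fun verify(presented: String, record: ResetRecord, now: Instant): Boolean =
    now.isBefore(record.expiresAt) &&
        MessageDigest.isEqual(sha256(presented), record.keyHash)

fun main() {
    // Same seed, same key: the weak generator's output is fully reproducible.
    check(weakResetKey(Random(42L)) == weakResetKey(Random(42L)))
    val now = Instant.parse("2024-01-01T00:00:00Z") // constructed timestamp
    val (key, record) = issue(now)
    check(key.length == 43) // 32 bytes, base64url without padding
    check(verify(key, record, now.plusSeconds(60)))
    check(!verify(key, record, now.plusSeconds(3600))) // expired
    check(!verify(secureResetKey(), record, now.plusSeconds(60))) // wrong key
}
```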
| CPE | Name | Operator | Version |
|---|---|---|---|
| | generator-jhipster-kotlin | ge | 0.0.0 |