5 matches found
CVE-2019-16303
A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker, if able to obtain their own password reset URL, to compute the value for all other...
GitHub Security Lab: Java: QL Query Detector for JHipster Generated CVE-2019-16303
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: 3,880 Pull Requests Generated to fix JHipster RNG Vulnerability CVE-2019-16303
This bug was reported directly to GitHub Security Lab...
CVE-2019-16303
creationtimestamp | type | source
---|---|---
2020-06-23 22:17:52+00:00 | published-proof-of-concept | https://github.com/jhipster/jhipster-kotlin/security/advisories/GHSA-j3rh-8vwq-wh84
2020-12-23 20:42:25+00:00 | seen | https://t.me/ctinow/26169
2020-12-23 20:42:26+00:00 | seen | https://t.me/ctinow/26...
CVE-2019-16303
CVE-2019-16303 affects JHipster-generated apps: a class produced by the Generator (before 6.3.0) and JHipster Kotlin (through 1.1.0) uses an insecure RNG (apache.commons.lang3 RandomStringUtils) to create password reset tokens. This can enable an attacker who obtains their own password reset URL ...