10 matches found
EUVD-2025-9738
Malicious code in bioql PyPI...
Remote Code Execution (RCE)
generator-jhipster-entity-audit is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe reflection caused by using Javers as the Entity Audit Framework, which allows malicious classes on the classpath to be exploited through exposed REST endpoints...
CVE-2025-31119
generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath...
generator-jhipster-entity-audit vulnerable to Unsafe Reflection when having Javers selected as Entity Audit Framework
Summary: CWE-470, Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection'), when having Javers selected as Entity Audit Framework. Details: In the following two occurrences, user input directly leads to class loading without checking against e.g. a whitelist of allowed classes...
CVE-2025-31119
generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath...
CVE-2025-31119 CWE-470 in generator-jhipster-entity-audit when having Javers selected as Entity Audit Framework
generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath...
CVE-2025-31119 CWE-470 in generator-jhipster-entity-audit when having Javers selected as Entity Audit Framework
generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath...
CVE-2025-31119 CWE-470 in generator-jhipster-entity-audit when having Javers selected as Entity Audit Framework
generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath...
PT-2025-14791 · Jhipster · Generator-Jhipster-Entity-Audit
Name of the Vulnerable Software and Affected Versions: generator-jhipster-entity-audit versions prior to 5.9.1. Description: The issue allows for unsafe reflection when Javers is selected as the Entity Audit Framework. If an attacker can place malicious classes into the classpath and access the RE...
generator-jhipster-entity-audit security vulnerability
generator-jhipster-entity-audit is a module of the open-source JHipster project for enabling entity auditing and audit log pages. A security vulnerability exists in generator-jhipster-entity-audit versions prior to 5.9.1 that stems from insecure reflection that could lead to remote code executio...