30 matches found

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-0506

Malware in sbrugna...

CVSS 5.3 · AI score 5.4 · EPSS 0.01214
Exploits: 0 · References: 6

vulnersOsv
added 2025/07/25 1:41 p.m. · 2 views

@iurra/chickpea-stew (>=0.3.0 <=0.3.7), @joaopaulomfe/generator-jhipster-agile-kip (>=0.1.0 <=0.1.1) +175 more potentially affected by CVE-2025-43712 via generator-jhipster (>=2.25.0 <=9.1.0)

generator-jhipster NPM version =2.25.0, =0.3.0, =0.1.0, =0.0.7, =0.0.3, =0.0.11, =2.0.13, =0.0.0, =1.0.0, =0.1.0, =0.0.1, =0.0.2 and more Source cves: CVE-2025-43712 Source advisory: SNYK:JS-GENERATORJHIPSTER-11023283...

CVSS 8 · AI score 5.4 · EPSS 0.00234
Exploits: 0

Snyk
added 2025/07/25 1:41 p.m. · 5 views

Incorrect Authorization

Overview generator-jhipster is a development platform to generate, develop and deploy Spring Boot + Angular / React / Vue Web applications and Spring microservices. Affected versions of this package are vulnerable to Incorrect Authorization via the authorities parameter in the response from the...

CVSS 8.8 · AI score 7 · EPSS 0.00234
Exploits: 0 · References: 2

Veracode
added 2025/04/15 3:40 a.m. · 8 views

Remote Code Execution (RCE)

generator-jhipster-entity-audit is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe reflection caused by using Javers as the Entity Audit Framework, which allows malicious classes on the classpath to be exploited through exposed REST endpoints...

CVSS 7.6 · AI score 7.3 · EPSS 0.00424
Exploits: 0 · References: 4 · Affected Software: 1

RedhatCVE
added 2025/04/05 7:29 p.m. · 19 views

CVE-2025-31119

generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath...

CVSS 7.6 · AI score 7.9 · EPSS 0.00424
Exploits: 0 · References: 1

Cvelist
added 2025/04/03 7:11 p.m. · 11 views

CVE-2025-31119 CWE-470 in generator-jhipster-entity-audit when having Javers selected as Entity Audit Framework

generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath...

CVSS 7.6 · EPSS 0.00424
Exploits: 0 · References: 2

CVE
added 2025/04/03 7:11 p.m. · 56 views

CVE-2025-31119

generator-jhipster-entity-audit (a JHipster module) is affected by unsafe reflection when Javers is used as the Entity Audit Framework. Before version 5.9.1, an attacker who can place malicious classes on the classpath and access the REST endpoints could trigger remote code execution. The issue i...

CVSS 7.6 · AI score 7.8 · EPSS 0.00424
Exploits: 0 · References: 2

OSV
added 2025/04/03 7:11 p.m. · 2 views

CVE-2025-31119 CWE-470 in generator-jhipster-entity-audit when having Javers selected as Entity Audit Framework

generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath...

CVSS 7.6 · AI score 8.1 · EPSS 0.00424
Exploits: 0 · References: 4

CNNVD
added 2025/04/03 12:0 a.m. · 2 views

generator-jhipster-entity-audit security vulnerability

generator-jhipster-entity-audit is a JHipster module in the JHipster open source for enabling entity auditing and audit log pages. A security vulnerability exists in generator-jhipster-entity-audit versions prior to 5.9.1 that stems from insecure reflection that could lead to remote code executio...

CVSS 7.6 · AI score 7.5 · EPSS 0.00424
Exploits: 0 · References: 2

Positive Technologies
added 2025/04/03 12:0 a.m. · 6 views

PT-2025-14791 · Jhipster · Generator-Jhipster-Entity-Audit

Name of the Vulnerable Software and Affected Versions: generator-jhipster-entity-audit versions prior to 5.9.1 Description: The issue allows for unsafe reflection when Javers is selected as the Entity Audit Framework. If an attacker can place malicious classes into the classpath and access the RE...

CVSS 7.6 · AI score 7.2 · EPSS 0.00424
Exploits: 0 · References: 9

Veracode
added 2023/11/01 4:14 a.m. · 15 views

Timing Attack

generator-jhipster is vulnerable to a Timing Attack. The vulnerability exists because the TokenProvider.java uses String.equals(str) to compare the given token-signature. This comparison method does not effectively validate the token because it stops as soon as it encounters the first character tha...

CVSS 7.5 · AI score 6.9 · EPSS 0.00593
Exploits: 0 · References: 5 · Affected Software: 1

Github Security Blog
added 2023/10/31 3:31 a.m. · 24 views

generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...

CVSS 7.5 · AI score 6.5 · EPSS 0.00593
Exploits: 0 · References: 6 · Affected Software: 1

OSV
added 2023/10/31 3:31 a.m. · 19 views

GHSA-4GPM-R23H-GPRW generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...

CVSS 7.5 · AI score 7.4 · EPSS 0.00593
Exploits: 0 · References: 6

NVD
added 2023/10/31 3:15 a.m. · 18 views

CVE-2015-20110

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...

CVSS 7.5 · AI score 7.5 · EPSS 0.00593
Exploits: 0 · References: 4

Vulnrichment
added 2023/10/31 12:0 a.m. · 9 views

CVE-2015-20110

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...

AI score 7 · EPSS 0.00593
Exploits: 0 · References: 4

Cvelist
added 2023/10/31 12:0 a.m. · 22 views

CVE-2015-20110

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...

AI score 7.5 · EPSS 0.00593
Exploits: 0 · References: 4

Positive Technologies
added 2023/10/31 12:0 a.m. · 3 views

PT-2023-10311 · Jhipster · Generator-Jhipster

Name of the Vulnerable Software and Affected Versions: JHipster generator-jhipster versions prior to 2.23.0 Description: The issue allows for a timing attack against the validateToken function due to a string comparison that stops at the first different character. This enables attackers to guess...

CVSS 7.5 · AI score 7.4 · EPSS 0.00593
Exploits: 0 · References: 7

CVE
added 2023/10/31 12:0 a.m. · 69 views

CVE-2015-20110

Summary : CVE-2015-20110 affects the JHipster generator-jhipster before 2.23.0. The root cause is a token validation routine that compares strings using a short-circuiting comparison, leaking timing information. This allows attackers to brute-force tokens one character at a time by observing resp...

CVSS 7.5 · AI score 7.4 · EPSS 0.00593
Exploits: 0 · References: 4 · Affected Software: 1

vulnersOsv
added 2022/04/07 3:18 p.m. · 2 views

generator-jhipster-agilekip (>=0.0.11 <=0.0.12), generator-jhipster-composite-key-server (=7.0.0) +21 more potentially affected by CVE-2022-24815 via generator-jhipster (>=7.0.0 <=7.8.0)

generator-jhipster NPM version =7.0.0, =0.0.11, =0.1.0, =0.0.0, =0.0.0, =3.0.0, =1.0.0, =1.12.0, =1.0.0, =4.0.0, =2.0.0, =2.0.0-beta.1 and more Source cves: CVE-2022-24815 Source advisory: OSV:GHSA-QJMQ-8HJR-QCV6...

CVSS 8.1 · AI score 7.2 · EPSS 0.01317
Exploits: 1

NVD
added 2020/06/25 8:15 p.m. · 22 views

CVE-2020-4072

In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem...

CVSS 5.3 · EPSS 0.01214
Exploits: 0 · References: 4