77 matches found
CVE-2019-16303
A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness apache.commons.lang3 RandomStringUtils. This allows an attacker if able to obtain their own password reset URL to compute the value for all other...
EUVD-2020-0493
Malware in sbrugna...
EUVD-2020-0506
Malware in sbrugna...
EUVD-2025-9738
Malicious code in bioql PyPI...
EUVD-2022-1817
Malicious code in bioql PyPI...
EUVD-2023-2645
Malicious code in bioql PyPI...
EUVD-2025-22595
Malicious code in bioql PyPI...
MAL-2025-23793 Malicious code in jhipster-transasia-client (npm)
The package jhipster-transasia-client was found to contain malicious code...
CVE-2025-43712
JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon registering in the JHipster portal and logging in as a standard user, the authorities parameter in the response from the api/account endpoint contains the value ROLE_USER. By manipulating the authorities...
GHSA-CMM8-GW4M-26CW Withdrawn Advisory: JHipster allows privilege escalation via a modified authorities parameter
Withdrawn Advisory: This advisory has been withdrawn because the original report was found to be invalid. This link is maintained to preserve external references. For more information, see https://groups.google.com/g/jhipster-dev/c/ATSlWkEjw2w. Original Description: JHipster before v.8.9.0 allows...
Incorrect Authorization
Overview generator-jhipster is a development platform to generate, develop and deploy Spring Boot + Angular / React / Vue Web applications and Spring microservices. Affected versions of this package are vulnerable to Incorrect Authorization via the authorities parameter in the response from the...
@iurra/chickpea-stew (>=0.3.0 <=0.3.7), @joaopaulomfe/generator-jhipster-agile-kip (>=0.1.0 <=0.1.1) +175 more potentially affected by CVE-2025-43712 via generator-jhipster (>=2.25.0 <=9.0.0)
generator-jhipster NPM version =2.25.0, =0.3.0, =0.1.0, =0.0.7, =0.0.3, =0.0.11, =2.0.13, =0.0.0, =1.0.0, =0.1.0, =0.0.1, =0.0.2 and more Source cves: CVE-2025-43712 Source advisory: SNYK:JS-GENERATORJHIPSTER-11023283...
JHipster security vulnerability
JHipster is an open source application generator that develops web applications and microservices primarily using Angular or React and Spring Framework. A security vulnerability exists in JHipster versions prior to 8.9.0, which stems from an unvalidated authorities parameter that could lead to...
CVE-2025-43712
Summary: CVE-2025-43712 affects JHipster before 8.9.0, where the unvalidated authorities parameter in the /api/account response can be manipulated to escalate privileges from ROLE_USER to ROLE_ADMIN, potentially exposing admin functionality. What’s affected: JHipster-generated apps prior to 8.9.0...