8 matches found
CVE-2019-16303
A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness apache.commons.lang3 RandomStringUtils. This allows an attacker if able to obtain their own password reset URL to compute the value for all other...
EUVD-2020-0493
Malware in sbrugna...
EUVD-2025-22595
Malicious code in bioql PyPI...
GHSA-CMM8-GW4M-26CW Withdrawn Advisory: JHipster allows privilege escalation via a modified authorities parameter
Withdrawn Advisory This advisory has been withdrawn because the original report was found to be invalid. This link is maintained to preserve external references. For more information, see https://groups.google.com/g/jhipster-dev/c/ATSlWkEjw2w. Original Description JHipster before v.8.9.0 allows...
CVE-2025-43712
JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon registering in the JHipster portal and logging in as a standard user, the authorities parameter in the response from the api/account endpoint contains the value ROLEUSER. By manipulating the authorities...
CVE-2025-43712
Summary: CVE-2025-43712 affects JHipster before 8.9.0, where the unvalidated authorities parameter in the /api/account response can be manipulated to escalate privileges from ROLE_USER to ROLE_ADMIN, potentially exposing admin functionality. What’s affected: JHipster-generated apps prior to 8.9.0...
PT-2025-30814 · Jhipster · Jhipster
Name of the Vulnerable Software and Affected Versions: JHipster versions prior to 8.9.0 Description: JHipster versions prior to 8.9.0 are susceptible to privilege escalation through manipulation of the authorities parameter. After registering and logging in as a standard user, the authorities...
CVE-2015-20110
JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...