generator-jhipster is vulnerable to insecure randomness. The vulnerability exists because it used an insecure random utility, RandomStringUtils, from Apache Commons Lang3.
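The following added example (not code from generator-jhipster or Apache Commons Lang3) contrasts a token drawn from `java.util.Random`, a non-cryptographic generator of the kind the description calls insecure, with one drawn from `java.security.SecureRandom`. The class name, alphabet, token length and seed value are assumptions chosen for illustration.

```java
import java.security.SecureRandom;
import java.util.Random;

public class TokenDemo {
    // Illustrative alphabet and length; not taken from the advisory.
    private static final String ALPHANUM =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    private static final int TOKEN_LENGTH = 20;

    // One shared CSPRNG instance, seeded by the platform's entropy source.
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    // Builds a token by drawing each character from the supplied generator.
    static String token(Random source, int length) {
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            sb.append(ALPHANUM.charAt(source.nextInt(ALPHANUM.length())));
        }
        return sb.toString();
    }

    // Weak form: java.util.Random is a linear congruential generator with
    // 48 bits of internal state, so its output is a pure function of the seed.
    static String weakToken(long seed) {
        return token(new Random(seed), TOKEN_LENGTH);
    }

    // Hardened form: same token shape, but every character comes from a CSPRNG.
    static String strongToken() {
        return token(SECURE_RANDOM, TOKEN_LENGTH);
    }

    public static void main(String[] args) {
        long seed = 42L; // constructed sample seed
        String first = weakToken(seed);
        String second = weakToken(seed);
        // Identical seeds give identical "secrets" with the weak generator.
        System.out.println("weak   #1: " + first);
        System.out.println("weak   #2: " + second);
        System.out.println("weak tokens identical: " + first.equals(second));
        // Tokens from the CSPRNG are independent of each other.
        System.out.println("strong #1: " + strongToken());
        System.out.println("strong #2: " + strongToken());
    }
}
```

With Commons Lang3 itself, the equivalent hardening is to call the `RandomStringUtils.random` overload that takes a `java.util.Random` argument and pass it a `SecureRandom` instance.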
Name | Operator | Version |
---|---|---|
generator-jhipster | le | 6.2.0 |
generator-jhipster-kotlin | le | 1.1.0 |
github.com/atomfrede/jhipster-kotlin/commit/187506a3632beb15e31156df65a4b24f5facce54
github.com/jhipster/generator-jhipster/commit/88448b85fd3e8e49df103f0061359037c2c68ea7
github.com/jhipster/generator-jhipster/compare/09c7006deaa8a498bca604ffcc5e1a4e801a4833...88448b85fd3e8e49df103f0061359037c2c68ea7
github.com/jhipster/generator-jhipster/issues/10401
github.com/jhipster/generator-jhipster/security/advisories/GHSA-mwp6-j9wf-968c
github.com/jhipster/jhipster-kotlin/issues/183
lists.apache.org/thread.html/r6d243e7e3f25daeb242dacf3def411fba32a9388d3ff84918cb28ddd@%3Cissues.commons.apache.org%3E
lists.apache.org/thread.html/rc3f00f5d3d2ec0e2381a3b9096d5f5b4d46ec1587ee7e251a3dbb897@%3Cissues.commons.apache.org%3E
lists.apache.org/thread.html/rc87fa35a48b5d70b06af6fb81785ed82e82686eb83307aae6d250dc9@%3Cissues.commons.apache.org%3E
medium.com/@alex91ar/the-java-soothsayer-a-practical-application-for-insecure-randomness-c67b0cd148cd
www.jhipster.tech/2019/09/13/jhipster-release-6.3.0.html
www.npmjs.com/advisories/1187