generator-jhipster is vulnerable to log injection. The vulnerability is possible because it uses public API for creating log entries for invalid password reset attempts to the user-provided emails during jwt or session authentication, allowing an attacker to forge log entries.