Critical severity vulnerability that affects generator-jhipster
Severity: Critical
GitHub Reviewed
Published Sep 13, 2019 in jhipster/generator-jhipster • Updated Jan 9, 2023
Withdrawn: This advisory was withdrawn on Jun 26, 2020
Published to the GitHub Advisory Database: Sep 13, 2019
Reviewed: Jun 16, 2020
Description
Account takeover and privilege escalation are possible in applications generated by generator-jhipster before 6.3.0. This is due to a vulnerability in the generated Java classes: CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG).
Generated applications must be manually patched, following instructions in the release notes: https://www.jhipster.tech/2019/09/13/jhipster-release-6.3.0.html