Vulnerabilities > Jhipster
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-31 | CVE-2015-20110 | Improper Restriction of Excessive Authentication Attempts vulnerability in Jhipster. JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. | 7.5 |
2022-04-11 | CVE-2022-24815 | SQL Injection vulnerability in Jhipster Generator-Jhipster. JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. | 8.1 |
2020-06-25 | CVE-2020-4072 | Improper Output Neutralization for Logs vulnerability in Jhipster Generator-Jhipster-Kotlin 1.6.0. In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. | 5.3 |
2019-09-14 | CVE-2019-16303 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Jhipster. A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). | 9.8 |