Vulnerabilities > Jhipster

DATE CVE VULNERABILITY TITLE RISK
2023-10-31 CVE-2015-20110 Improper Restriction of Excessive Authentication Attempts vulnerability in Jhipster
JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different.
network
low complexity
jhipster CWE-307
7.5
2022-04-11 CVE-2022-24815 Unspecified vulnerability in Jhipster Generator-Jhipster
JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures.
network
high complexity
jhipster
8.1
2020-06-25 CVE-2020-4072 Unspecified vulnerability in Jhipster Generator-Jhipster-Kotlin 1.6.0
In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts.
network
low complexity
jhipster
5.3
2019-09-14 CVE-2019-16303 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Jhipster
A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils).
network
low complexity
jhipster CWE-338
critical
9.8