Vulnerabilities > Jhipster

DATE | CVE | VULNERABILITY TITLE | RISK

2023-10-31 | CVE-2015-20110 | Improper Restriction of Excessive Authentication Attempts vulnerability in Jhipster
JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different.
network | low complexity | jhipster CWE-307 | 7.5

2022-04-11 | CVE-2022-24815 | SQL Injection vulnerability in Jhipster Generator-Jhipster
JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures.
network | high complexity | jhipster CWE-89 | 8.1

2020-06-25 | CVE-2020-4072 | Improper Output Neutralization for Logs vulnerability in Jhipster Generator-Jhipster-Kotlin 1.6.0
In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts.
network | low complexity | jhipster CWE-117 | 5.3

2019-09-14 | CVE-2019-16303 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Jhipster
A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils).
network | low complexity | jhipster CWE-338 | critical | 9.8