Vulnerabilities > Jhipster > Jhipster > 2.9.0

DATE | CVE | VULNERABILITY TITLE | RISK

2023-10-31 | CVE-2015-20110 | Improper Restriction of Excessive Authentication Attempts vulnerability in Jhipster | 7.5
JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different.
network, low complexity, jhipster, CWE-307

2019-09-14 | CVE-2019-16303 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Jhipster | critical 9.8
A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils).
network, low complexity, jhipster, CWE-338