exploitDog

GHSA-mwp6-j9wf-968c

Published: 13 Sep 2019
Source: github
GitHub: Reviewed
CVSS3: 9.8

Description

Critical severity vulnerability that affects generator-jhipster

Account takeover and privilege escalation are possible in applications generated by generator-jhipster before 6.3.0. This is due to a vulnerability in the generated Java classes: CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG).

Generated applications must be manually patched, following instructions in the release notes: https://www.jhipster.tech/2019/09/13/jhipster-release-6.3.0.html

Packages

Name: generator-jhipster (npm)
Affected versions: < 6.3.0
Fixed version: 6.3.0

CVSS3: 9.8 Critical

Weaknesses: CWE-338
