Insecure generation of random numbers In generator-jhipster
This advisory was classified as a False Positive during our data review process to ensure accuracy and data quality.
Description
Critical severity vulnerability that affects generator-jhipster Account takeover and privilege escalation is possible in applications generated by generator-jhipster before 6.3.0. This is due to a vulnerability in the generated java classes: CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Generated applications must be manually patched, following instructions in the release notes: https://www.jhipster.tech/2019/09/13/jhipster-release-6.3.0.html
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 npm | 6.3.0 |
Aliases
1. 2. 3.
References
1.