CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31119 – CWE-470 in generator-jhipster-entity-audit when having Javers selected as Entity Audit Framework
https://notcve.org/view.php?id=CVE-2025-31119
03 Apr 2025 — generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath and also has access to these REST interface for calling the mentioned REST endpoints, using these lines of code can lead to unintended remote code execution. This vulnerability is fixed in 5.9.1. generator-jhipster... • https://github.com/jhipster/generator-jhipster-entity-audit/blob/e21e83135d10c77d92203c89cb0b0063914e8fe0/generators/spring-boot-javers/templates/src/main/java/_package_/web/rest/JaversEntityAuditResource.java.ejs#L88 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-24815 – SQL Injection when creating an application with Reactive SQL backend
https://notcve.org/view.php?id=CVE-2022-24815
11 Apr 2022 — JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using r2dbc. Applications created without "reactive with Spring WebFlux" and applications with NoSQL databases are not affected. Users who have generated a microservice Gateway using the affected version may be impacted as Gateways are reacti... • https://github.com/jhipster/generator-jhipster/commit/c220a210fd7742c53eea72bd5fadbb96220faa98 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4072 – Log Forging in generator-jhipster-kotlin
https://notcve.org/view.php?id=CVE-2020-4072
25 Jun 2020 — In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem affects only application generated with jwt or session authentication. Applications using oauth are not vulnerable. This issue has been fixed in version 1.7.0. • https://github.com/jhipster/jhipster-kotlin/commit/426ccab85e7e0da562643200637b99b6a2a99449 • CWE-117: Improper Output Neutralization for Logs •