Lookup for vulnerable packages by Package URL.

Purl pkg:npm/generator-jhipster@4.10.2
Type npm
Namespace
Name generator-jhipster
Version 4.10.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 8.9.0
Latest_non_vulnerable_version 8.9.0
Affected_by_vulnerabilities
0
url VCID-6x6u-rsat-afbt
vulnerability_id VCID-6x6u-rsat-afbt
summary
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
A class generated by the Generator in JHipster produces code that uses an insecure source of randomness. This allows an attacker (if able to obtain their own password reset URL) to compute the value for all other password resets for other accounts, thus allowing privilege escalation or account takeover.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16303
reference_id
reference_type
scores
0
value 0.01904
scoring_system epss
scoring_elements 0.83589
published_at 2026-06-04T12:55:00Z
1
value 0.01904
scoring_system epss
scoring_elements 0.83616
published_at 2026-06-09T12:55:00Z
2
value 0.01904
scoring_system epss
scoring_elements 0.83603
published_at 2026-06-08T12:55:00Z
3
value 0.01904
scoring_system epss
scoring_elements 0.8361
published_at 2026-06-07T12:55:00Z
4
value 0.01904
scoring_system epss
scoring_elements 0.83614
published_at 2026-06-06T12:55:00Z
5
value 0.01904
scoring_system epss
scoring_elements 0.83613
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16303
1
reference_url https://github.com/advisories/GHSA-j3rh-8vwq-wh84
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-j3rh-8vwq-wh84
2
reference_url https://github.com/advisories/GHSA-mwp6-j9wf-968c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-mwp6-j9wf-968c
3
reference_url https://github.com/jhipster/generator-jhipster
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/jhipster/generator-jhipster
4
reference_url https://github.com/jhipster/generator-jhipster/commit/88448b85fd3e8e49df103f0061359037c2c68ea7
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/jhipster/generator-jhipster/commit/88448b85fd3e8e49df103f0061359037c2c68ea7
5
reference_url https://github.com/jhipster/generator-jhipster/issues/10401
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/jhipster/generator-jhipster/issues/10401
6
reference_url https://github.com/jhipster/generator-jhipster/security/advisories/GHSA-mwp6-j9wf-968c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/jhipster/generator-jhipster/security/advisories/GHSA-mwp6-j9wf-968c
7
reference_url https://github.com/jhipster/jhipster-kotlin/commit/deec3587ef7721cf5de5b960d43e9b68beff6193
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/jhipster/jhipster-kotlin/commit/deec3587ef7721cf5de5b960d43e9b68beff6193
8
reference_url https://github.com/jhipster/jhipster-kotlin/issues/183
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/jhipster/jhipster-kotlin/issues/183
9
reference_url https://github.com/jhipster/jhipster-kotlin/security/advisories/GHSA-j3rh-8vwq-wh84
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/jhipster/jhipster-kotlin/security/advisories/GHSA-j3rh-8vwq-wh84
10
reference_url https://lists.apache.org/thread.html/r6d243e7e3f25daeb242dacf3def411fba32a9388d3ff84918cb28ddd@%3Cissues.commons.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6d243e7e3f25daeb242dacf3def411fba32a9388d3ff84918cb28ddd@%3Cissues.commons.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rc3f00f5d3d2ec0e2381a3b9096d5f5b4d46ec1587ee7e251a3dbb897@%3Cissues.commons.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc3f00f5d3d2ec0e2381a3b9096d5f5b4d46ec1587ee7e251a3dbb897@%3Cissues.commons.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/rc87fa35a48b5d70b06af6fb81785ed82e82686eb83307aae6d250dc9@%3Cissues.commons.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc87fa35a48b5d70b06af6fb81785ed82e82686eb83307aae6d250dc9@%3Cissues.commons.apache.org%3E
13
reference_url https://snyk.io/vuln/SNYK-JS-GENERATORJHIPSTER-466980
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-GENERATORJHIPSTER-466980
14
reference_url https://www.jhipster.tech/2019/09/13/jhipster-release-6.3.0.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.jhipster.tech/2019/09/13/jhipster-release-6.3.0.html
15
reference_url https://www.npmjs.com/advisories/1187
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1187
16
reference_url https://www.npmjs.com/advisories/1188
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/1188
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16303
reference_id CVE-2019-16303
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16303
fixed_packages
0
url pkg:npm/generator-jhipster@6.3.0
purl pkg:npm/generator-jhipster@6.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-m7c6-qnvt-hyd1
1
vulnerability VCID-tf3c-57f7-8fcd
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/generator-jhipster@6.3.0
aliases CVE-2019-16303, GHSA-j3rh-8vwq-wh84, GHSA-mwp6-j9wf-968c
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6x6u-rsat-afbt
1
url VCID-m7c6-qnvt-hyd1
vulnerability_id VCID-m7c6-qnvt-hyd1
summary
Withdrawn Advisory: JHipster allows privilege escalation via a modified authorities parameter
## Withdrawn Advisory
This advisory has been withdrawn because the original report was found to be invalid. This link is maintained to preserve external references. For more information, see https://groups.google.com/g/jhipster-dev/c/ATSlWkEjw2w.

## Original Description

JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon registering in the JHipster portal and logging in as a standard user, the authorities parameter in the response from the api/account endpoint contains the value ROLE_USER. By manipulating the authorities parameter and changing its value to ROLE_ADMIN, the privilege is successfully escalated to an Admin level. This allowed access to all admin-related functionality in the application.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43712
reference_id
reference_type
scores
0
value 0.00162
scoring_system epss
scoring_elements 0.36874
published_at 2026-06-08T12:55:00Z
1
value 0.00162
scoring_system epss
scoring_elements 0.36887
published_at 2026-06-09T12:55:00Z
2
value 0.00162
scoring_system epss
scoring_elements 0.3694
published_at 2026-06-05T12:55:00Z
3
value 0.00162
scoring_system epss
scoring_elements 0.36946
published_at 2026-06-06T12:55:00Z
4
value 0.00162
scoring_system epss
scoring_elements 0.36912
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43712
1
reference_url https://github.com/jhipster/generator-jhipster
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jhipster/generator-jhipster
2
reference_url https://github.com/jhipster/generator-jhipster/releases
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-25T13:16:58Z/
url https://github.com/jhipster/generator-jhipster/releases
3
reference_url https://groups.google.com/g/jhipster-dev/c/ATSlWkEjw2w
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-25T13:16:58Z/
url https://groups.google.com/g/jhipster-dev/c/ATSlWkEjw2w
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43712
reference_id CVE-2025-43712
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43712
5
reference_url https://firecompass.com/cve-2025-43712-jhipster-platform-privilege-escalation-vulnerability-discovered-by-firecompass-research-added-to-nist/
reference_id cve-2025-43712-jhipster-platform-privilege-escalation-vulnerability-discovered-by-firecompass-research-added-to-nist
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-25T13:16:58Z/
url https://firecompass.com/cve-2025-43712-jhipster-platform-privilege-escalation-vulnerability-discovered-by-firecompass-research-added-to-nist/
6
reference_url https://firecompass.com/cve-2025-43712-jhipster-platform-privilege-escalation-vulnerability-discovered-by-firecompass-research-added-to-nist
reference_id CVE-2025-43712-JHIPSTER-PLATFORM-PRIVILEGE-ESCALATION-VULNERABILITY-DISCOVERED-BY-FIRECOMPASS-RESEARCH-ADDED-TO-NIST
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://firecompass.com/cve-2025-43712-jhipster-platform-privilege-escalation-vulnerability-discovered-by-firecompass-research-added-to-nist
7
reference_url https://medium.com/@hritikgodara/cve-2025-43712-privilege-escalation-via-response-manipulation-in-the-jhipster-platform-5e18c0434def
reference_id CVE-2025-43712-PRIVILEGE-ESCALATION-VIA-RESPONSE-MANIPULATION-IN-THE-JHIPSTER-PLATFORM-5E18C0434DEF
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-25T13:16:58Z/
url https://medium.com/@hritikgodara/cve-2025-43712-privilege-escalation-via-response-manipulation-in-the-jhipster-platform-5e18c0434def
8
reference_url https://github.com/advisories/GHSA-cmm8-gw4m-26cw
reference_id GHSA-cmm8-gw4m-26cw
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cmm8-gw4m-26cw
fixed_packages
0
url pkg:npm/generator-jhipster@8.9.0
purl pkg:npm/generator-jhipster@8.9.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/generator-jhipster@8.9.0
aliases CVE-2025-43712, GHSA-cmm8-gw4m-26cw
risk_score 3.6
exploitability 0.5
weighted_severity 7.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m7c6-qnvt-hyd1
2
url VCID-tf3c-57f7-8fcd
vulnerability_id VCID-tf3c-57f7-8fcd
summary
High severity vulnerability that affects generator-jhipster
## Generated code uses repository configuration that downloads over HTTP instead of HTTPS

### Impact
Gradle users were using the http://repo.spring.io/plugins-release repository over plain HTTP rather than HTTPS, so a man-in-the-middle attack was possible at build time.

### Patches

Maven users should at least upgrade to 6.3.0, while Gradle users should update to 6.3.1.
If you are not able to upgrade, make sure not to use a Maven repository via `http` in your build file.

### Workarounds

Replace all custom repository definitions in `build.gradle` or `pom.xml` with their `https` version.

e.g.

```xml
<repository>
    <id>oss.sonatype.org-snapshot</id>
    <url>https://oss.sonatype.org/content/repositories/snapshots</url> <!-- must be HTTPS -->
    <releases>
        <enabled>false</enabled>
    </releases>
    <snapshots>
        <enabled>true</enabled>
    </snapshots>
</repository>
```

```gradle
maven { url "https://repo.spring.io/plugins-release" } // <-- must be httpS
```

### References
* https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* https://max.computer/blog/how-to-take-over-the-computer-of-any-java-or-clojure-or-scala-developer/

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [https://github.com/jhipster/generator-jhipster/issues](https://github.com/jhipster/generator-jhipster/issues)
references
0
reference_url https://github.com/jhipster/generator-jhipster
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jhipster/generator-jhipster
1
reference_url https://snyk.io/vuln/SNYK-JS-GENERATORJHIPSTER-536074
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-GENERATORJHIPSTER-536074
2
reference_url https://github.com/advisories/GHSA-mc84-xr9p-938r
reference_id GHSA-mc84-xr9p-938r
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-mc84-xr9p-938r
3
reference_url https://github.com/jhipster/generator-jhipster/security/advisories/GHSA-mc84-xr9p-938r
reference_id GHSA-mc84-xr9p-938r
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jhipster/generator-jhipster/security/advisories/GHSA-mc84-xr9p-938r
fixed_packages
0
url pkg:npm/generator-jhipster@6.3.1
purl pkg:npm/generator-jhipster@6.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-m7c6-qnvt-hyd1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/generator-jhipster@6.3.1
aliases GHSA-mc84-xr9p-938r, GMS-2019-125
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tf3c-57f7-8fcd
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/generator-jhipster@4.10.2