Look up vulnerable packages by Package URL (purl).

GET /api/packages/241246?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/241246?format=api",
    "purl": "pkg:npm/generator-jhipster@4.10.2",
    "type": "npm",
    "namespace": "",
    "name": "generator-jhipster",
    "version": "4.10.2",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "8.9.0",
    "latest_non_vulnerable_version": "8.9.0",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51806?format=api",
            "vulnerability_id": "VCID-6x6u-rsat-afbt",
            "summary": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)\nA class generated by the Generator in JHipster produces code that uses an insecure source of randomness. This allows an attacker (if able to obtain their own password reset URL) to compute the value for all other password resets for other accounts, thus allowing privilege escalation or account takeover.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16303",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.01904",
                            "scoring_system": "epss",
                            "scoring_elements": "0.83589",
                            "published_at": "2026-06-04T12:55:00Z"
                        },
                        {
                            "value": "0.01904",
                            "scoring_system": "epss",
                            "scoring_elements": "0.83616",
                            "published_at": "2026-06-09T12:55:00Z"
                        },
                        {
                            "value": "0.01904",
                            "scoring_system": "epss",
                            "scoring_elements": "0.83603",
                            "published_at": "2026-06-08T12:55:00Z"
                        },
                        {
                            "value": "0.01904",
                            "scoring_system": "epss",
                            "scoring_elements": "0.8361",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.01904",
                            "scoring_system": "epss",
                            "scoring_elements": "0.83614",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.01904",
                            "scoring_system": "epss",
                            "scoring_elements": "0.83613",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16303"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-j3rh-8vwq-wh84",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-j3rh-8vwq-wh84"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-mwp6-j9wf-968c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-mwp6-j9wf-968c"
                },
                {
                    "reference_url": "https://github.com/jhipster/generator-jhipster",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/jhipster/generator-jhipster"
                },
                {
                    "reference_url": "https://github.com/jhipster/generator-jhipster/commit/88448b85fd3e8e49df103f0061359037c2c68ea7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/jhipster/generator-jhipster/commit/88448b85fd3e8e49df103f0061359037c2c68ea7"
                },
                {
                    "reference_url": "https://github.com/jhipster/generator-jhipster/issues/10401",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/jhipster/generator-jhipster/issues/10401"
                },
                {
                    "reference_url": "https://github.com/jhipster/generator-jhipster/security/advisories/GHSA-mwp6-j9wf-968c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/jhipster/generator-jhipster/security/advisories/GHSA-mwp6-j9wf-968c"
                },
                {
                    "reference_url": "https://github.com/jhipster/jhipster-kotlin/commit/deec3587ef7721cf5de5b960d43e9b68beff6193",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/jhipster/jhipster-kotlin/commit/deec3587ef7721cf5de5b960d43e9b68beff6193"
                },
                {
                    "reference_url": "https://github.com/jhipster/jhipster-kotlin/issues/183",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/jhipster/jhipster-kotlin/issues/183"
                },
                {
                    "reference_url": "https://github.com/jhipster/jhipster-kotlin/security/advisories/GHSA-j3rh-8vwq-wh84",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/jhipster/jhipster-kotlin/security/advisories/GHSA-j3rh-8vwq-wh84"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/r6d243e7e3f25daeb242dacf3def411fba32a9388d3ff84918cb28ddd@%3Cissues.commons.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.apache.org/thread.html/r6d243e7e3f25daeb242dacf3def411fba32a9388d3ff84918cb28ddd@%3Cissues.commons.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/rc3f00f5d3d2ec0e2381a3b9096d5f5b4d46ec1587ee7e251a3dbb897@%3Cissues.commons.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.apache.org/thread.html/rc3f00f5d3d2ec0e2381a3b9096d5f5b4d46ec1587ee7e251a3dbb897@%3Cissues.commons.apache.org%3E"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/rc87fa35a48b5d70b06af6fb81785ed82e82686eb83307aae6d250dc9@%3Cissues.commons.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.apache.org/thread.html/rc87fa35a48b5d70b06af6fb81785ed82e82686eb83307aae6d250dc9@%3Cissues.commons.apache.org%3E"
                },
                {
                    "reference_url": "https://snyk.io/vuln/SNYK-JS-GENERATORJHIPSTER-466980",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://snyk.io/vuln/SNYK-JS-GENERATORJHIPSTER-466980"
                },
                {
                    "reference_url": "https://www.jhipster.tech/2019/09/13/jhipster-release-6.3.0.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.jhipster.tech/2019/09/13/jhipster-release-6.3.0.html"
                },
                {
                    "reference_url": "https://www.npmjs.com/advisories/1187",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.npmjs.com/advisories/1187"
                },
                {
                    "reference_url": "https://www.npmjs.com/advisories/1188",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.npmjs.com/advisories/1188"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16303",
                    "reference_id": "CVE-2019-16303",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16303"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/75957?format=api",
                    "purl": "pkg:npm/generator-jhipster@6.3.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-m7c6-qnvt-hyd1"
                        },
                        {
                            "vulnerability": "VCID-tf3c-57f7-8fcd"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/generator-jhipster@6.3.0"
                }
            ],
            "aliases": [
                "CVE-2019-16303",
                "GHSA-j3rh-8vwq-wh84",
                "GHSA-mwp6-j9wf-968c"
            ],
            "risk_score": 4.5,
            "exploitability": "0.5",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6x6u-rsat-afbt"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57713?format=api",
            "vulnerability_id": "VCID-m7c6-qnvt-hyd1",
            "summary": "Withdrawn Advisory: JHipster allows privilege escalation via a modified authorities parameter\n## Withdrawn Advisory\nThis advisory has been withdrawn because the original report was found to be invalid. This link is maintained to preserve external references. For more information, see https://groups.google.com/g/jhipster-dev/c/ATSlWkEjw2w.\n\n## Original Description\n\nJHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon registering in the JHipster portal and logging in as a standard user, the authorities parameter in the response from the api/account endpoint contains the value ROLE_USER. By manipulating the authorities parameter and changing its value to ROLE_ADMIN, the privilege is successfully escalated to an Admin level. This allowed the access to all admin-related functionalities in the application.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43712",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00162",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36874",
                            "published_at": "2026-06-08T12:55:00Z"
                        },
                        {
                            "value": "0.00162",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36887",
                            "published_at": "2026-06-09T12:55:00Z"
                        },
                        {
                            "value": "0.00162",
                            "scoring_system": "epss",
                            "scoring_elements": "0.3694",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00162",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36946",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00162",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36912",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43712"
                },
                {
                    "reference_url": "https://github.com/jhipster/generator-jhipster",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/jhipster/generator-jhipster"
                },
                {
                    "reference_url": "https://github.com/jhipster/generator-jhipster/releases",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-25T13:16:58Z/"
                        }
                    ],
                    "url": "https://github.com/jhipster/generator-jhipster/releases"
                },
                {
                    "reference_url": "https://groups.google.com/g/jhipster-dev/c/ATSlWkEjw2w",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-25T13:16:58Z/"
                        }
                    ],
                    "url": "https://groups.google.com/g/jhipster-dev/c/ATSlWkEjw2w"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43712",
                    "reference_id": "CVE-2025-43712",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43712"
                },
                {
                    "reference_url": "https://firecompass.com/cve-2025-43712-jhipster-platform-privilege-escalation-vulnerability-discovered-by-firecompass-research-added-to-nist/",
                    "reference_id": "cve-2025-43712-jhipster-platform-privilege-escalation-vulnerability-discovered-by-firecompass-research-added-to-nist",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-25T13:16:58Z/"
                        }
                    ],
                    "url": "https://firecompass.com/cve-2025-43712-jhipster-platform-privilege-escalation-vulnerability-discovered-by-firecompass-research-added-to-nist/"
                },
                {
                    "reference_url": "https://firecompass.com/cve-2025-43712-jhipster-platform-privilege-escalation-vulnerability-discovered-by-firecompass-research-added-to-nist",
                    "reference_id": "CVE-2025-43712-JHIPSTER-PLATFORM-PRIVILEGE-ESCALATION-VULNERABILITY-DISCOVERED-BY-FIRECOMPASS-RESEARCH-ADDED-TO-NIST",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://firecompass.com/cve-2025-43712-jhipster-platform-privilege-escalation-vulnerability-discovered-by-firecompass-research-added-to-nist"
                },
                {
                    "reference_url": "https://medium.com/@hritikgodara/cve-2025-43712-privilege-escalation-via-response-manipulation-in-the-jhipster-platform-5e18c0434def",
                    "reference_id": "CVE-2025-43712-PRIVILEGE-ESCALATION-VIA-RESPONSE-MANIPULATION-IN-THE-JHIPSTER-PLATFORM-5E18C0434DEF",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-25T13:16:58Z/"
                        }
                    ],
                    "url": "https://medium.com/@hritikgodara/cve-2025-43712-privilege-escalation-via-response-manipulation-in-the-jhipster-platform-5e18c0434def"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-cmm8-gw4m-26cw",
                    "reference_id": "GHSA-cmm8-gw4m-26cw",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-cmm8-gw4m-26cw"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/85889?format=api",
                    "purl": "pkg:npm/generator-jhipster@8.9.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/generator-jhipster@8.9.0"
                }
            ],
            "aliases": [
                "CVE-2025-43712",
                "GHSA-cmm8-gw4m-26cw"
            ],
            "risk_score": 3.6,
            "exploitability": "0.5",
            "weighted_severity": "7.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m7c6-qnvt-hyd1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51836?format=api",
            "vulnerability_id": "VCID-tf3c-57f7-8fcd",
            "summary": "High severity vulnerability that affects generator-jhipster\n## Generated code uses repository configuration that downloads over HTTP instead of HTTPS\n\n### Impact\nGradle users were using the http://repo.spring.io/plugins-release repositories in plain HTTP, and not HTTPS, so a man-in-the-middle attack was possible at build time.\n\n### Patches\n\nMaven users should at least upgrade to 6.3.0 while Gradle users should update to 6.3.1.\nIf you are not able to upgrade make sure not to use a Maven repository via `http` in your build file.\n\n### Workarounds\n\nReplace all custom repository definitions in `build.gradle` or `pom.xml` with their `https` version.\n\ne.g.\n\n```xml\n <repository>\n            <id>oss.sonatype.org-snapshot</id>\n            <url>https://oss.sonatype.org/content/repositories/snapshots</url> // <-- must be httpS\n            <releases>\n                <enabled>false</enabled>\n            </releases>\n            <snapshots>\n                <enabled>true</enabled>\n            </snapshots>\n</repository>\n```\n\n```gradle\nmaven { url \"https://repo.spring.io/plugins-release\" } // <-- must be httpS\n```\n\n### References\n* https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n* https://max.computer/blog/how-to-take-over-the-computer-of-any-java-or-clojure-or-scala-developer/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [https://github.com/jhipster/generator-jhipster/issues](https://github.com/jhipster/generator-jhipster/issues)",
            "references": [
                {
                    "reference_url": "https://github.com/jhipster/generator-jhipster",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/jhipster/generator-jhipster"
                },
                {
                    "reference_url": "https://snyk.io/vuln/SNYK-JS-GENERATORJHIPSTER-536074",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://snyk.io/vuln/SNYK-JS-GENERATORJHIPSTER-536074"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-mc84-xr9p-938r",
                    "reference_id": "GHSA-mc84-xr9p-938r",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-mc84-xr9p-938r"
                },
                {
                    "reference_url": "https://github.com/jhipster/generator-jhipster/security/advisories/GHSA-mc84-xr9p-938r",
                    "reference_id": "GHSA-mc84-xr9p-938r",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/jhipster/generator-jhipster/security/advisories/GHSA-mc84-xr9p-938r"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/75981?format=api",
                    "purl": "pkg:npm/generator-jhipster@6.3.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-m7c6-qnvt-hyd1"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/generator-jhipster@6.3.1"
                }
            ],
            "aliases": [
                "GHSA-mc84-xr9p-938r",
                "GMS-2019-125"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tf3c-57f7-8fcd"
        }
    ],
    "fixing_vulnerabilities": [],
    "risk_score": "4.5",
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/generator-jhipster@4.10.2"
}