Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
JHipster 安全漏洞
Vulnerability Description
JHipster是一款开源的应用程序生成器,它主要使用Angular或React和Spring Framework开发Web应用程序和微服务。 JHipster Generator-jhipster 2.23.0 之前版本存在安全漏洞,该漏洞源于允许对 validateToken 进行定时攻击,攻击者利用该漏洞可以通过暴力破解猜测令牌。
CVSS Information
N/A
Vulnerability Type
N/A