Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Log Forging in generator-jhipster-kotlin
Vulnerability Description
In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem affects only application generated with jwt or session authentication. Applications using oauth are not vulnerable. This issue has been fixed in version 1.7.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
日志输出的转义处理不恰当
Vulnerability Title
generator-jhipster-kotlin 安全漏洞
Vulnerability Description
generator-jhipster-kotlin是一款基于Kotlin的JHipster应用程序生成器。 generator-jhipster-kotlin 1.6.0版本中存在安全漏洞,该漏洞源于对无效的密码重置请求,程序会生成日志条目。目前尚无此漏洞的相关信息,请随时关注CNNVD或厂商公告。
CVSS Information
N/A
Vulnerability Type
N/A