Timing Attack
Affecting generator-jhipster package, versions >=2.0.1 <2.23.0
Overview
generator-jhipster is a Spring Boot + Angular in one handy generator.
Affected versions of the package are vulnerable to a Timing Attack, which occurs due to token validation.
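The advisory does not show the affected code. As an added example (not taken from the advisory or from the JHipster project), the Java class below shows the general CWE-208 pattern in token validation: a signature check using `String.equals`, beside a comparison that does not stop at the first mismatch. The token layout `user:expiryMillis:signature`, the class name and the demo secret are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;

// Added illustration. The token layout "user:expiryMillis:signature" and all
// names here are assumptions, not generator-jhipster's actual code.
public class TokenCheck {
    private final SecretKeySpec key;

    TokenCheck(byte[] secret) { key = new SecretKeySpec(secret, "HmacSHA256"); }

    String sign(String user, long expiry) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        byte[] tag = mac.doFinal((user + ":" + expiry).getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    String issue(String user, long expiry) throws GeneralSecurityException {
        return user + ":" + expiry + ":" + sign(user, expiry);
    }

    // Weak: String.equals stops at the first differing character, so the time
    // taken depends on how long a prefix of the supplied signature is correct.
    static boolean leakyEquals(String expected, String supplied) {
        return expected.equals(supplied);
    }

    // Hardened: MessageDigest.isEqual does not stop at the first mismatch.
    static boolean constantTimeEquals(String expected, String supplied) {
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     supplied.getBytes(StandardCharsets.UTF_8));
    }

    // Verifies the signature first and only then trusts the expiry field.
    boolean validate(String token, long now) throws GeneralSecurityException {
        String[] p = token.split(":", -1);
        if (p.length != 3) return false;
        long expiry;
        try { expiry = Long.parseLong(p[1]); } catch (NumberFormatException e) { return false; }
        return constantTimeEquals(sign(p[0], expiry), p[2]) && expiry >= now;
    }

    public static void main(String[] args) throws Exception {
        TokenCheck tc = new TokenCheck("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        String token = tc.issue("alice", 2_000L);             // constructed sample token
        System.out.println(tc.validate(token, 1_000L));       // untampered token
        System.out.println(tc.validate(token + "x", 1_000L)); // signature altered
    }
}
```

When reviewing generated or hand-written validation code, look for `equals` or `Arrays.equals` applied to signatures, MACs or stored token values, and replace those calls with a comparison of the `constantTimeEquals` kind.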
Remediation
Upgrade generator-jhipster to version 2.23.0 or higher.
CVSS Score
5.3 (medium severity)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: Low
- Integrity: None
- Availability: None
- Credit: Marcel Klemenz
- CWE: CWE-208
- Snyk ID: npm:generator-jhipster:20151006
- Disclosed: 05 Oct, 2015
- Published: 28 Mar, 2017