Timing Attack in generator-jhipster

Do your applications use this vulnerable package? Test your applications

Overview

generator-jhipster is a Spring Boot + Angular in one handy generator. Affected versions of the package are vulnerable to Timing Attack which occurs due Token Validation.

Remediation

Upgrade generator-jhipster to version 2.23.0 or higher.

References

GitHub PR
GitHub Issue
GitHub Commit

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

Low
Integrity

None
Availability

None

Credit: Marcel Klemenz
CWE: CWE-208
Snyk ID: npm:generator-jhipster:20151006
Disclosed: 05 Oct, 2015
Published: 28 Mar, 2017