org.apache.streampipes:streampipes-user-management@0.70.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.streampipes:streampipes-user-management package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Severity: H
Vulnerable versions: [0.69.0,0.95.0)

Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) through the user self-registration and password recovery mechanism. An attacker can guess the recovery token in a reasonable time and thereby take over the attacked user's account.

How to fix Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)?

Upgrade org.apache.streampipes:streampipes-user-management to version 0.95.0 or higher.