generator-jhipster-entity-audit@5.9.0 vulnerabilities

JHipster module to enable entity audit and audit log page

  • latest version

    5.10.0

  • latest non vulnerable version

  • first published

    9 years ago

  • latest version published

    16 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the generator-jhipster-entity-audit package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

    generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page.

    Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') via the entityType and qualifiedName parameters in REST endpoints. An attacker can execute arbitrary code by passing malicious class names that lead to unintended class loading.

    Note:

    This is only exploitable if the attacker manages to place malicious classes on the classpath and also has access to the REST interface to call the mentioned REST endpoints.

    How to fix Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')?

    Upgrade generator-jhipster-entity-audit to version 5.9.1 or higher.

    <5.9.1
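
The unsafe-reflection pattern described above, next to an allowlist-based alternative. This is an added example, not code from generator-jhipster-entity-audit or from this advisory, and the page does not say how 5.9.1 implements its fix. The names `EntityTypeResolver`, `resolveUnsafe`, `resolve`, `Customer` and `Invoice` are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

// Added illustration; all names here are hypothetical, not the module's own code.
public class EntityTypeResolver {

    // Constructed stand-ins for an application's audited entities.
    static class Customer {}
    static class Invoice {}

    // Pattern the advisory describes: a request parameter selects the class to load.
    // Any class on the classpath qualifies, and this overload of Class.forName
    // also runs the class's static initializer.
    static Class<?> resolveUnsafe(String qualifiedName) throws ClassNotFoundException {
        return Class.forName(qualifiedName);
    }

    // Hardened form: the allowlist is built once from classes the application
    // registers itself; the request value is only ever used as a map key.
    private final Map<String, Class<?>> allowed;

    EntityTypeResolver(Set<Class<?>> auditedEntities) {
        Map<String, Class<?>> byName = new HashMap<>();
        for (Class<?> entity : auditedEntities) {
            byName.put(entity.getName(), entity);
        }
        this.allowed = Map.copyOf(byName);
    }

    // Empty for null or for any name that is not a registered entity; no class loading occurs.
    Optional<Class<?>> resolve(String qualifiedName) {
        return Optional.ofNullable(qualifiedName).map(allowed::get);
    }

    public static void main(String[] args) throws Exception {
        EntityTypeResolver resolver =
                new EntityTypeResolver(Set.of(Customer.class, Invoice.class));
        String entityName = Customer.class.getName();   // constructed request value
        String otherName = "java.util.ArrayList";       // constructed non-entity value

        System.out.println("allowlist, entity:     " + resolver.resolve(entityName).isPresent());
        System.out.println("allowlist, non-entity: " + resolver.resolve(otherName).isPresent());
        System.out.println("Class.forName loads:   " + resolveUnsafe(otherName).getName());
    }
}
```

A caller would map an empty result to an HTTP 400 or 404 response rather than falling back to `Class.forName`.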