Vulnerability	Vulnerable Version
M Information Exposure generator-jhipster is a development platform to generate, develop and deploy Spring Boot + Angular / React / Vue Web applications and Spring microservices. Affected versions of this package are vulnerable to Information Exposure. On the user management webpage: `http://localhost:8080/admin/user-management`, it is possible to sort columns and the following URL can be observed when sorting by Login: `http://localhost:8080/admin/user-management?page=1&sort=login,desc` The data displayed on the screen is from the `generators/server/templates/src/main/java/package/domain/User.java.ejs` which contains data from the `jhi_user` database table. The issue is that some properties of the model contain security related data and that an administrator can sort them out. For example: `http://localhost:8080/admin/user-management?page=1&sort=password,desc` In this case, the password property is the password_hash column of the database. How to fix Information Exposure? Upgrade `generator-jhipster` to version 6.10.2 or higher.	<6.10.2
M Improper Output Neutralization for Logs generator-jhipster is a development platform to generate, develop and deploy Spring Boot + Angular / React / Vue Web applications and Spring microservices. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs. User-provided text can be used to forge logs when using the API. How to fix Improper Output Neutralization for Logs? Upgrade `generator-jhipster` to version 6.9.0 or higher.	<6.9.0

Information Exposure

generator-jhipster is a development platform to generate, develop and deploy Spring Boot + Angular / React / Vue Web applications and Spring microservices.

Affected versions of this package are vulnerable to Information Exposure. On the user management webpage: http://localhost:8080/admin/user-management, it is possible to sort columns and the following URL can be observed when sorting by Login: http://localhost:8080/admin/user-management?page=1&sort=login,desc

The data displayed on the screen is from the generators/server/templates/src/main/java/package/domain/User.java.ejs which contains data from the jhi_user database table. The issue is that some properties of the model contain security related data and that an administrator can sort them out. For example: http://localhost:8080/admin/user-management?page=1&sort=password,desc In this case, the password property is the password_hash column of the database.

How to fix Information Exposure?

Upgrade generator-jhipster to version 6.10.2 or higher.

<6.10.2

Improper Output Neutralization for Logs

generator-jhipster is a development platform to generate, develop and deploy Spring Boot + Angular / React / Vue Web applications and Spring microservices.

Affected versions of this package are vulnerable to Improper Output Neutralization for Logs. User-provided text can be used to forge logs when using the API.

How to fix Improper Output Neutralization for Logs?

Upgrade generator-jhipster to version 6.9.0 or higher.

<6.9.0

Go back to all versions of this package