<p>Upgrade <code>generator-jhipster</code> to version 7.8.1 or higher.</p>

SQL Injection Affecting generator-jhipster package, versions >=7.0.0 <7.8.1

Snyk CVSS

Attack Complexity High

Scope Changed

Confidentiality High

Integrity High

Threat Intelligence

Exploit Maturity Proof of concept

EPSS 0.16% (53^rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JS-GENERATORJHIPSTER-2440606
published 7 Apr 2022
disclosed 4 Apr 2022
credit appkr

Report a new vulnerability Found a mistake?

Introduced: 4 Apr 2022

CVE-2022-24815 Open this link in a new tab CWE-89 Open this link in a new tab

How to fix?

Upgrade generator-jhipster to version 7.8.1 or higher.

Overview

generator-jhipster is a development platform to generate, develop and deploy Spring Boot + Angular / React / Vue Web applications and Spring microservices.

Affected versions of this package are vulnerable to SQL Injection due to improper input sanitization, it is possible to be exploited via the findAllBy(Pageable pageable, Criteria criteria) method, when reactive with Spring WebFlux is enabled and an SQL database using r2dbc.

Note: Applications created without "reactive with Spring WebFlux" and applications with NoSQL databases are not affected.