CVE-2019-16303
unknown
CVSS v3
-
CVSS v4
-
VIR risk
-
Description
JHipster Kotlin before v1.2.0 uses an insecure source of randomness (`RandomStringUtils`).
Predictions
Exploit likelihood
30%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| npm | generator-jhipster-kotlin | <1.2.0 | 1.2.0 |
References
- https://github.com/jhipster/generator-jhipster/security/advisories/GHSA-mwp6-j9wf-968c
- https://github.com/jhipster/jhipster-kotlin/security/advisories/GHSA-j3rh-8vwq-wh84
- https://nvd.nist.gov/vuln/detail/CVE-2019-16303
- https://github.com/jhipster/generator-jhipster/issues/10401
- https://github.com/jhipster/jhipster-kotlin/issues/183
- https://github.com/jhipster/generator-jhipster/commit/88448b85fd3e8e49df103f0061359037c2c68ea7
- https://github.com/jhipster/jhipster-kotlin/commit/deec3587ef7721cf5de5b960d43e9b68beff6193
- https://github.com/jhipster/generator-jhipster
- https://lists.apache.org/thread.html/r6d243e7e3f25daeb242dacf3def411fba32a9388d3ff84918cb28ddd@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/rc3f00f5d3d2ec0e2381a3b9096d5f5b4d46ec1587ee7e251a3dbb897@%3Cissues.commons.apache.org%3E
- https://lists.apache.org/thread.html/rc87fa35a48b5d70b06af6fb81785ed82e82686eb83307aae6d250dc9@%3Cissues.commons.apache.org%3E
- https://snyk.io/vuln/SNYK-JS-GENERATORJHIPSTER-466980
- https://www.jhipster.tech/2019/09/13/jhipster-release-6.3.0.html
- https://www.npmjs.com/advisories/1187
- https://www.npmjs.com/advisories/1188