GHSA-mwp6-j9wf-968c: Critical severity vulnerability that affects generator-jhipster

CVSS Score: 9.8 (CVSS v3.1)

Basic Information

CVE ID: -
EPSS Score: -
Published: 9/13/2019
Updated: 1/9/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name        Ecosystem  Vulnerable Versions  First Patched Version
generator-jhipster  npm        < 6.3.0              6.3.0

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The weakness is in the Java code that generator-jhipster emits, not in the generator itself. The generated RandomUtil class builds security-sensitive random strings (the account activation keys and password reset keys the application hands out) in RandomUtil.generateRandomAlphanumeric, which calls RandomStringUtils.randomAlphanumeric from Apache Commons Lang. That method draws from a single shared java.util.Random instance, a 48-bit linear congruential generator whose entire output is determined by its seed (CWE-338). An attacker who recovers that state can predict every key the application issues and redeem a forged reset or activation key to take over accounts. The fix in 6.3.0 switches the generated class to a cryptographically secure source, java.security.SecureRandom. Because the flaw lives in generated code, upgrading the npm package alone does not fix an existing application: the affected class must be regenerated or patched in each generated project, and reset or activation keys issued by the weak generator should be invalidated.
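The vulnerable pattern beside the hardened one, as an added Java example written for this page; it is not JHipster's generated RandomUtil template and not code from the advisory. The class and method names (KeyGenExample, vulnerableResetKey, hardenedResetKey) are illustrative, and commons-lang3 is assumed to be on the classpath.

```java
import java.security.SecureRandom;
import java.util.Random;
import org.apache.commons.lang3.RandomStringUtils;

// Added illustration, not JHipster's generated RandomUtil. Class and method
// names are assumptions made for this example; commons-lang3 is assumed to be
// on the classpath.
public final class KeyGenExample {

    private static final int KEY_LENGTH = 20;

    // Cryptographically secure source, seeded by the JVM from the OS entropy pool.
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    private KeyGenExample() {}

    // VULNERABLE (CWE-338): randomAlphanumeric(int) draws from one static
    // java.util.Random inside commons-lang3. java.util.Random is a 48-bit
    // linear congruential generator, so all of its future output is fixed
    // once its state is known.
    static String vulnerableResetKey() {
        return RandomStringUtils.randomAlphanumeric(KEY_LENGTH);
    }

    // HARDENED: same alphanumeric alphabet (letters=true, numbers=true;
    // start=end=0 selects the default character range), but every character
    // is drawn from SecureRandom via the overload that takes an explicit source.
    static String hardenedResetKey() {
        return RandomStringUtils.random(KEY_LENGTH, 0, 0, true, true, null, SECURE_RANDOM);
    }

    // Why the source matters: with a known 48-bit seed, java.util.Random
    // reproduces the exact same "secret" key every time. An attacker who
    // recovers that state (or brute-forces the 2^48 seed space offline) can
    // regenerate every reset/activation key the application has issued.
    static boolean sameSeedGivesSameKey(long seed) {
        String first  = RandomStringUtils.random(KEY_LENGTH, 0, 0, true, true, null, new Random(seed));
        String second = RandomStringUtils.random(KEY_LENGTH, 0, 0, true, true, null, new Random(seed));
        return first.equals(second); // always true for java.util.Random
    }

    // SecureRandom cannot be replayed this way: two independently created
    // instances produce unrelated output.
    static boolean secureKeysAreIndependent() {
        String first  = RandomStringUtils.random(KEY_LENGTH, 0, 0, true, true, null, new SecureRandom());
        String second = RandomStringUtils.random(KEY_LENGTH, 0, 0, true, true, null, new SecureRandom());
        return !first.equals(second); // true except with probability 62^-20
    }

    public static void main(String[] args) {
        System.out.println("vulnerable key : " + vulnerableResetKey());
        System.out.println("hardened key   : " + hardenedResetKey());
        System.out.println("java.util.Random replayable from seed: " + sameSeedGivesSameKey(42L));
        System.out.println("SecureRandom keys independent        : " + secureKeysAreIndependent());
    }
}
```

Compile against commons-lang3 (for example `javac -cp commons-lang3-3.x.jar KeyGenExample.java`). The point of the two boolean methods is that the weak and strong variants produce keys of identical length and alphabet, so nothing about the token format reveals which source generated it; only the code path does.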

WAF Protection Rules

WAF Rule

Account takeover and privilege escalation is possible in applications generated by generator-jhipster before 6.3.0. This is due to a vulnerability in the generated Java classes: CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). A request-filtering rule cannot tell a predicted key from a legitimate one, so a WAF is at most a stopgap (for example, rate-limiting attempts against the password reset and account activation endpoints); the fix is to regenerate the affected class with generator-jhipster 6.3.0 or later.
