Identifier

CVE-2020-4072

Package Slug

npm/generator-jhipster-kotlin

Vulnerability

Improper Output Neutralization for Logs

Description

In generator-jhipster-kotlin, log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries.

Affected Versions

All versions before 1.7.0

Solution

Upgrade to version 1.7.0 or above.

Last Modified

2020-07-22

source