CVE-2025-31119: generator-jhipster-entity-audit vulnerable to Unsafe Reflection when having Javers selected as Entity Audit Framework
CWE-470 (Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')) when having Javers selected as Entity Audit Framework
References
- github.com/advisories/GHSA-7rmp-3g9f-cvq8
- github.com/jhipster/generator-jhipster-entity-audit
- github.com/jhipster/generator-jhipster-entity-audit/blob/e21e83135d10c77d92203c89cb0b0063914e8fe0/generators/spring-boot-javers/templates/src/main/java/_package_/web/rest/JaversEntityAuditResource.java.ejs
- github.com/jhipster/generator-jhipster-entity-audit/security/advisories/GHSA-7rmp-3g9f-cvq8
- nvd.nist.gov/vuln/detail/CVE-2025-31119
Detect and mitigate CVE-2025-31119 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.