CVE-2019-16303: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
(updated )
A class generated by the Generator in JHipster produces code that uses an insecure source of randomness. This allows an attacker (if able to obtain their own password reset URL) to compute the value for all other password resets for other accounts, thus allowing privilege escalation or account takeover.
References
Detect and mitigate CVE-2019-16303 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →