CNNVD-202507-3156 Information

CNNVD ID

CNNVD-202507-3156

CVE-2025-43712

  • CNNVD Published: 2025-07-25

Description

JHipster is an open-source application generator that primarily uses Angular or React and the Spring Framework to develop web applications and microservices. Versions of JHipster before 8.9.0 contain a security vulnerability caused by the authorities parameter not being validated, which may lead to privilege escalation.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

JHipster

Published

2025-07-25

Last Modified

2026-02-24

References

  • https://github.com/jhipster/generator-jhipster/releases
  • https://medium.com/@hritikgodara/cve-2025-43712-privilege-escalation-via-response-manipulation-in-the-jhipster-platform-5e18c0434def
  • https://groups.google.com/g/jhipster-dev/c/ATSlWkEjw2w
  • https://access.redhat.com/security/cve/cve-2025-43712

Patch

https://github.com/jhipster/generator-jhipster/releases
