{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-31119", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-03-26T15:04:52.625Z", "datePublished": "2025-04-03T19:11:44.091Z", "dateUpdated": "2025-04-03T19:45:22.621Z"}, "containers": {"cna": {"title": "CWE-470 in generator-jhipster-entity-audit when having Javers selected as Entity Audit Framework", "problemTypes": [{"descriptions": [{"cweId": "CWE-470", "lang": "en", "description": "CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/jhipster/generator-jhipster-entity-audit/security/advisories/GHSA-7rmp-3g9f-cvq8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jhipster/generator-jhipster-entity-audit/security/advisories/GHSA-7rmp-3g9f-cvq8"}, {"name": "https://github.com/jhipster/generator-jhipster-entity-audit/blob/e21e83135d10c77d92203c89cb0b0063914e8fe0/generators/spring-boot-javers/templates/src/main/java/_package_/web/rest/JaversEntityAuditResource.java.ejs#L88", "tags": ["x_refsource_MISC"], "url": "https://github.com/jhipster/generator-jhipster-entity-audit/blob/e21e83135d10c77d92203c89cb0b0063914e8fe0/generators/spring-boot-javers/templates/src/main/java/_package_/web/rest/JaversEntityAuditResource.java.ejs#L88"}], "affected": [{"vendor": "jhipster", "product": "generator-jhipster-entity-audit", "versions": [{"version": "< 5.9.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-04-03T19:11:44.091Z"}, "descriptions": [{"lang": "en", "value": "generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath and also has access to these REST interface for calling the mentioned REST endpoints, using these lines of code can lead to unintended remote code execution. This vulnerability is fixed in 5.9.1."}], "source": {"advisory": "GHSA-7rmp-3g9f-cvq8", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-03T19:45:10.744704Z", "id": "CVE-2025-31119", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-03T19:45:22.621Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-31119", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-03-26T15:04:52.625Z", "datePublished": "2025-04-03T19:11:44.091Z", "dateUpdated": "2025-04-03T19:45:22.621Z"}, "containers": {"cna": {"title": "CWE-470 in generator-jhipster-entity-audit when having Javers selected as Entity Audit Framework", "problemTypes": [{"descriptions": [{"cweId": "CWE-470", "lang": "en", "description": "CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/jhipster/generator-jhipster-entity-audit/security/advisories/GHSA-7rmp-3g9f-cvq8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jhipster/generator-jhipster-entity-audit/security/advisories/GHSA-7rmp-3g9f-cvq8"}, {"name": "https://github.com/jhipster/generator-jhipster-entity-audit/blob/e21e83135d10c77d92203c89cb0b0063914e8fe0/generators/spring-boot-javers/templates/src/main/java/_package_/web/rest/JaversEntityAuditResource.java.ejs#L88", "tags": ["x_refsource_MISC"], "url": "https://github.com/jhipster/generator-jhipster-entity-audit/blob/e21e83135d10c77d92203c89cb0b0063914e8fe0/generators/spring-boot-javers/templates/src/main/java/_package_/web/rest/JaversEntityAuditResource.java.ejs#L88"}], "affected": [{"vendor": "jhipster", "product": "generator-jhipster-entity-audit", "versions": [{"version": "< 5.9.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-04-03T19:11:44.091Z"}, "descriptions": [{"lang": "en", "value": "generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath and also has access to these REST interface for calling the mentioned REST endpoints, using these lines of code can lead to unintended remote code execution. This vulnerability is fixed in 5.9.1."}], "source": {"advisory": "GHSA-7rmp-3g9f-cvq8", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-31119", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-03T19:45:10.744704Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-03T19:45:13.944Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath and also has access to these REST interface for calling the mentioned REST endpoints, using these lines of code can lead to unintended remote code execution. This vulnerability is fixed in 5.9.1."}, {"lang": "es", "value": "generator-jhipster-entity-audit es un m\u00f3dulo de JHipster que habilita la auditor\u00eda de entidades y la p\u00e1gina de registro de auditor\u00eda. En versiones anteriores a la versi\u00f3n 5.9.1, generator-jhipster-entity-audit permit\u00eda la reflexi\u00f3n insegura al seleccionar Javers como marco de auditor\u00eda de entidades. Si un atacante logra insertar clases maliciosas en la ruta de clases y, adem\u00e1s, tiene acceso a estas interfaces REST para llamar a los endpoints REST mencionados, el uso de estas l\u00edneas de c\u00f3digo puede provocar la ejecuci\u00f3n remota no intencionada de c\u00f3digo. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 5.9.1."}], "id": "CVE-2025-31119", "lastModified": "2025-04-07T14:18:34.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-04-03T20:15:25.223", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/jhipster/generator-jhipster-entity-audit/blob/e21e83135d10c77d92203c89cb0b0063914e8fe0/generators/spring-boot-javers/templates/src/main/java/_package_/web/rest/JaversEntityAuditResource.java.ejs#L88"}, {"source": "security-advisories@github.com", "url": "https://github.com/jhipster/generator-jhipster-entity-audit/security/advisories/GHSA-7rmp-3g9f-cvq8"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-470"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}