Orval
Monthly
Code injection in Orval TypeScript API client generator versions 7.19.0 to before 7.22.0. Generated client code may be vulnerable to injection through crafted OpenAPI specifications.
Orval TypeScript code generator versions 7.19+ have a command injection vulnerability allowing RCE through malicious OpenAPI specifications during code generation.
Orval, a TypeScript API client generator, has a command injection vulnerability that allows code execution through malicious OpenAPI specifications.
orval (TypeScript API client generator) before 7.18.0 has code injection via OpenAPI specification summary fields in MCP server generation. Malicious API specs can inject arbitrary code into generated TypeScript. PoC available, patch available.
Code injection in Orval TypeScript API client generator versions 7.19.0 to before 7.22.0. Generated client code may be vulnerable to injection through crafted OpenAPI specifications.
Orval TypeScript code generator versions 7.19+ have a command injection vulnerability allowing RCE through malicious OpenAPI specifications during code generation.
Orval, a TypeScript API client generator, has a command injection vulnerability that allows code execution through malicious OpenAPI specifications.
orval (TypeScript API client generator) before 7.18.0 has code injection via OpenAPI specification summary fields in MCP server generation. Malicious API specs can inject arbitrary code into generated TypeScript. PoC available, patch available.