3 matches found
CVE-2026-24132
Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...
d2m-apigen (>=1.0.1 <=2.1.7), dm-apigen (>=0.0.0 <=1.0.0) +2 more potentially affected by CVE-2026-24132 via @orval/mock (>=7.0.0 <=7.1.1)
@orval/mock NPM version =7.0.0, =1.0.1, =0.0.0, =7.0.0, =7.1.0, =7.13.2 Source cves: CVE-2026-24132 Source advisory: SNYK:JS-ORVALMOCK-15091570...
@dohyper/cli.hyper (>=0.0.1 <=0.0.10), @lumeweb/portal-sdk (>=0.0.0-20240306223335 <=0.0.2) +16 more potentially affected by CVE-2026-24132 via @orval/mock (>=6.21.0 <=7.1.1)
@orval/mock NPM version =6.21.0, =0.0.1, =0.0.0-20240306223335, =1.0.0, =0.1.0, =1.0.0, =1.2.0, =1.9.101, =1.9.101, =1.0.1, =0.0.0, =6.21.0, =7.19.0 and more Source cves: CVE-2026-24132 Source advisory: OSV:GHSA-F456-RF33-4626...