2 matches found
Code Generation Literal Injection
Kiota is vulnerable to code generation literal injection. The vulnerability is due to insufficient context-aware escaping of malicious values from OpenAPI descriptions during source code generation, which allows an attacker to inject arbitrary code into generated client applications by supplying ...
Arbitrary Code Execution
Orval is vulnerable to Arbitrary Code Execution. The vulnerability is due to incomplete sanitization of untrusted input during code generation, where insufficient escaping in jsStringEscape allows attackers to inject executable JavaScript using only non-alphanumeric characters via JSFuck...