Lucene search
K

23 matches found

Veracode
Veracode
added 2026/05/09 5:13 a.m.5 views

Code Generation Literal Injection

Kiota is vulnerable to code generation literal injection. The vulnerability is due to insufficient context-aware escaping of malicious values from OpenAPI descriptions during source code generation, which allows an attacker to inject arbitrary code into generated client applications by supplying ...

7.8CVSS6.1AI score0.00421EPSS
Exploits1References2Affected Software3
Vulnrichment
Vulnrichment
added 2026/05/08 1:49 p.m.13 views

CVE-2026-41507 Remote Code Execution (RCE) via String Literal Injection into math-codegen

math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the...

9.8CVSS6.1AI score0.00393EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/25 7:22 a.m.7 views

CVE-2026-41134

Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks for example: serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata,...

7.8CVSS5.5AI score0.00421EPSS
Exploits1References1
NVD
NVD
added 2026/04/22 9:17 p.m.5 views

CVE-2026-41134

Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks for example: serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata,...

7.8CVSS0.00421EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/22 8:20 p.m.12 views

EUVD-2026-25094

Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks for example: serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata,...

7.3CVSS5.7AI score0.00421EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/22 8:20 p.m.33 views

CVE-2026-41134 Kiota: Code Generation Literal Injection

Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks for example: serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata,...

7.3CVSS0.00421EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/22 8:20 p.m.3 views

CVE-2026-41134

Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks for example: serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata,...

7.3CVSS5.7AI score0.00421EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/22 8:20 p.m.24 views

CVE-2026-41134

Kiota is an OpenAPI-based HTTP client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks ( serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata, and default...

7.8CVSS5.7AI score0.00421EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 8:20 p.m.6 views

CVE-2026-41134 Kiota: Code Generation Literal Injection

Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks for example: serialization/deserialization keys, path/query parameter mappings, URL template metadata, enum/property metadata,...

7.3CVSS5.7AI score0.00421EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/17 10:31 p.m.14 views

Remote Code Execution (RCE) via String Literal Injection into math-codegen

Impact String literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the parser. Any application exposing a math evaluation endpoint where user input flo...

9.8CVSS6.1AI score0.00393EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/17 10:31 p.m.9 views

GHSA-P6X5-P4XF-CC4R Remote Code Execution (RCE) via String Literal Injection into math-codegen

Impact String literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the parser. Any application exposing a math evaluation endpoint where user input flo...

9.8CVSS6.1AI score0.00393EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/14 11:39 p.m.9 views

Kiota: Code Generation Literal Injection

CVE Advisory CVE-2026-41134: Code Generation Literal Injection in Kiota Summary Kiota versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks for example: serialization/deserialization keys, path/query parameter mappings, URL template...

7.8CVSS5.8AI score0.00421EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/14 11:39 p.m.5 views

GHSA-2HX3-VP6R-MG3F Kiota: Code Generation Literal Injection

CVE Advisory CVE-2026-41134: Code Generation Literal Injection in Kiota Summary Kiota versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks for example: serialization/deserialization keys, path/query parameter mappings, URL template...

7.3CVSS5.8AI score0.00421EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2025/12/12 12:25 a.m.5 views

SUSE CVE-2025-65026

esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...

9.6CVSS6.8AI score0.00438EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/11/26 4:56 p.m.3 views

CVE-2025-65026

esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...

6.1CVSS6.8AI score0.00438EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/11/19 8:31 p.m.9 views

esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript

Summary The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter, esm.sh converts it to a JavaScript module by embedding the CSS content directly into a...

9.6CVSS7.5AI score0.00438EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/11/19 8:31 p.m.5 views

EUVD-2025-198180

esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript...

6.1CVSS6.7AI score0.00438EPSS
Exploits1References4
OSV
OSV
added 2025/11/19 8:31 p.m.6 views

GHSA-HCPF-QV9M-VFGP esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript

Summary The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter, esm.sh converts it to a JavaScript module by embedding the CSS content directly into a...

6.1CVSS7.5AI score0.00438EPSS
Exploits1References4
NVD
NVD
added 2025/11/19 6:15 p.m.10 views

CVE-2025-65026

esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability CWE-94 in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...

9.6CVSS0.00438EPSS
Exploits1References2
CVE
CVE
added 2025/11/19 5:33 p.m.25 views

CVE-2025-65026

CVE-2025-65026 affects esm.sh prior to version 136. The vulnerability arises when the CSS-to-JavaScript module conversion inserts CSS into a JavaScript template literal without sanitization, allowing template literals to execute ${...} expressions. This can enable XSS in browsers and potential RC...

9.6CVSS6.4AI score0.00438EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder