Github Security Blog
added 2026/01/30 9:17 p.m. · 6 views

Orval has Code Injection via unsanitized x-enum-descriptions using JS comments

CVE-2026-23947 had an incomplete fix. While the current jsStringEscape function properly handles single quotes ', double quotes " and other characters, it fails to sanitize and / characters. This allows attackers to break out of JavaScript comment blocks using / sequences and inject arbitrary code...

CVSS 9.8 · AI score 6 · EPSS 0.0005
Exploits 1 · References 7 · Affected Software 1
CNNVD
added 2026/01/30 12:00 a.m. · 18 views

Orval code injection vulnerability

Orval is an open-source interface development tool developed by Orval. Versions of Orval from 7.19.0 to 7.21.0, as well as versions before 8.2.0, have a code injection vulnerability. This vulnerability stems from incomplete escape handling in the jsStringEscape function, which may lead to code...

CVSS 9.8 · AI score 5.9 · EPSS 0.00034
Exploits 1 · References 6
CNNVD
added 2026/01/23 12:00 a.m. · 3 views

Orval command injection vulnerability

Orval is an open-source interface development tool developed by Orval. Versions of Orval 7.19.0 and earlier, as well as versions 8.0.0-rc.0 to 8.0.2, have a command injection vulnerability. This vulnerability stems from untrusted OpenAPI specifications that allow arbitrary TypeScript/JavaScript...

CVSS 9.8 · AI score 6 · EPSS 0.00057
Exploits 0 · References 10
RedhatCVE
added 2026/01/13 10:52 p.m. · 1 view

CVE-2026-22785

orval generates type-safe JS/TypeScript clients from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allo...

CVSS 9.8 · AI score 6.9 · EPSS 0.00042
Exploits 2 · References 1
CNNVD
added 2026/01/12 12:00 a.m. · 1 view

orval command injection vulnerability

Orval is an interface development tool from Orval Open Source. A command injection vulnerability exists in versions prior to orval 7.18.0 that stems from the MCP server generation logic not properly validating or escaping the summary field of the OpenAPI specification, which could lead to arbitra...

CVSS 9.8 · AI score 7.7 · EPSS 0.00042
Exploits 2 · References 2