CNNVD-202601-5073 Information
CNNVD ID
CNNVD-202601-5073
Related CVE
-
CNNVD Published: 2026-01-30
Description
Orval is an open-source interface development tool from Orval. Orval versions 7.19.0 up to but not including 7.21.0, and versions before 8.2.0, contain a code injection vulnerability. It stems from incomplete escaping in the jsStringEscape function and may lead to code injection.
Hazard Level
High
Vulnerability Type
Code injection
Affected Vendor
Orval
Published
2026-01-30
Last Modified
2026-02-24
References
https://github.com/orval-labs/orval/blob/02211fc413524be340ba9ace866a2ef68845ca7c/packages/core/src/utils/string.ts#L227
https://github.com/orval-labs/orval/releases/tag/v7.21.0
https://github.com/orval-labs/orval/releases/tag/v8.2.0
https://github.com/orval-labs/orval/security/advisories/GHSA-gch2-phqh-fg9q
https://github.com/orval-labs/orval/security/advisories/GHSA-h526-wf6g-67jv
https://access.redhat.com/security/cve/cve-2026-25141
Patch
https://github.com/orval-labs/orval/releases