Vulnerability	Vulnerable Version
C Arbitrary Command Injection Affected versions of this package are vulnerable to Arbitrary Command Injection via the `jsStringEscape` function. An attacker can execute arbitrary code in generated files by injecting / sequences that breaks out of JavaScript comment blocks. Note:* This vulnerability stems from an incomplete fix for CVE-2026-23947 How to fix Arbitrary Command Injection? Upgrade `@orval/core` to version 7.21.0, 8.2.0 or higher.	>=7.10.0 <7.21.0>=8.0.0-rc.0 <8.2.0
C Arbitrary Command Injection Affected versions of this package are vulnerable to Arbitrary Command Injection via the `getEnumImplementation` function. An attacker can execute arbitrary code in environments that consume generated clients by supplying a crafted OpenAPI specification containing malicious content in the `x-enumDescriptions` field. How to fix Arbitrary Command Injection? Upgrade `@orval/core` to version 7.19.0, 8.0.2 or higher.	>=7.10.0 <7.19.0>=8.0.0-rc.0 <8.0.2

Arbitrary Command Injection

Affected versions of this package are vulnerable to Arbitrary Command Injection via the jsStringEscape function. An attacker can execute arbitrary code in generated files by injecting */ sequences that breaks out of JavaScript comment blocks.

Note: This vulnerability stems from an incomplete fix for CVE-2026-23947

How to fix Arbitrary Command Injection?

Upgrade @orval/core to version 7.21.0, 8.2.0 or higher.

>=7.10.0 <7.21.0>=8.0.0-rc.0 <8.2.0

Arbitrary Command Injection

Affected versions of this package are vulnerable to Arbitrary Command Injection via the getEnumImplementation function. An attacker can execute arbitrary code in environments that consume generated clients by supplying a crafted OpenAPI specification containing malicious content in the x-enumDescriptions field.

How to fix Arbitrary Command Injection?

Upgrade @orval/core to version 7.19.0, 8.0.2 or higher.

>=7.10.0 <7.19.0>=8.0.0-rc.0 <8.0.2

Go back to all versions of this package