Orval Mock Generation Code Injection via const

Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema properties. These const values are interpolated into the mock scalar generator (getMockScalar in packages/mock/src/faker/getters/scalar.ts) without proper escaping or type-safe serialization, which results in attacker-controlled code being emitted into both interface definitions and faker/MSW handlers. The vulnerability is similar in impact to the previously reported enum x-enumDescriptions (GHSA-h526-wf6g-67jv), but it affects a different code path in the faker-based mock generator rather than @orval/core. The issue has been fixed in versions 7.20.0 and 8.0.3.

N/A

在命令中使用的特殊元素转义处理不恰当(命令注入)

Orval 命令注入漏洞

Orval是Orval开源的一个接口开发工具。 Orval 7.19.0及之前版本和8.0.0-rc.0至8.0.2版本存在命令注入漏洞，该漏洞源于未受信任的OpenAPI规范可通过const关键字注入任意TypeScript/JavaScript代码，可能导致攻击者控制的代码被注入。

N/A

N/A