orval icon indicating copy to clipboard operation
orval copied to clipboard

Published 20 hours ago verified publisher icon anymaniax

Security issue from Dependabot

Open oyvindi opened this issue 1 year ago • 2 comments

The following is reported from Dependabot (NPM also flags this as critical):

JSONPath Plus Remote Code Execution (RCE) Vulnerability

[email protected] requires [email protected] via a transitive dependency on @stoplight/[email protected] [email protected] requires jsonpath-plus@^6.0.1 via a transitive dependency on [email protected] No patched version available for jsonpath-plus

Versions of the package jsonpath-plus before 10.0.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node.

oyvindi avatar Oct 15 '24 12:10 oyvindi

Duplicate of https://github.com/orval-labs/orval/issues/1661

melloware avatar Oct 15 '24 12:10 melloware

image

melloware avatar Oct 15 '24 12:10 melloware