CVE-2026-25141 | orval-labs orval up to 7.20.x/8.1.x Incomplete Fix CVE-2026-23947 jsStringEscape code injection (GHSA-gch2-phqh-fg9q)

Inserito da Angelo Barbosa | Gen 31, 2026 | CVE

A vulnerability was found in orval-labs orval up to 7.20.x/8.1.x. It has been rated as critical. Affected by this issue is the function jsStringEscape of the component Incomplete Fix CVE-2026-23947. The manipulation leads to code injection.

This vulnerability is listed as CVE-2026-25141. The attack may be initiated remotely. There is no available exploit.

Upgrading the affected component is advised.

CVE-2026-25141 | orval-labs orval up to 7.20.x/8.1.x Incomplete Fix CVE-2026-23947 jsStringEscape code injection (GHSA-gch2-phqh-fg9q)

Post correlati

CVE-2024-6104 | HashiCorp Shared library up to 0.7.6 go-retryablehttp log file

CVE-2023-45859 | Hazelcast on Hazelcast Client Protocol permissions

CVE-2025-7540 | code-projects Online Appointment Booking System 1.0 /getclinic.php townid sql injection

CVE-2024-30382 | Juniper Junos OS/Junos OS Evolved Routing Protocol Daemon exceptional condition (JSA79174)