Lfprojects Modelina
By the Year
In 2024 there have been 0 vulnerabilities in Lfprojects Modelina . Last year Modelina had 1 security vulnerability published. Right now, Modelina is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 1 | 8.80 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Modelina vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Lfprojects Modelina Security Vulnerabilities
Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents
CVE-2023-23619
8.8 - High
- January 26, 2023
Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue has been partially mitigated in version 1.0.0, with the maintainer's GitHub Security Advisory (GHSA) noting "It is impossible to fully guard against this, because users have access to the original raw information. However, as of version 1, if you only access the constrained models, you will not encounter this issue. Further similar situations are NOT seen as a security issue, but intended behavior." The suggested workaround from the maintainers is "Fully custom presets that change the entire rendering process which can then escape the user input."
Code Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Lfprojects Modelina or by Lfprojects? Click the Watch button to subscribe.