{"data":{"id":"0f09f12f-6950-4b8f-ae0f-ba9718de05d9","title":"GHSA-hhx9-57xq-r5rw: @hey-api/openapi-ts's `buildClientParams` template: prototype chain substitution via unknown `$<slot>___proto__` key","summary":"The @hey-api/openapi-ts library has a vulnerability in its `buildClientParams` template where an attacker can inject a special key like `$query___proto__` to replace the prototype chain (the object that provides inherited properties) of generated request parameters. This affects all applications that use this library to generate SDKs (software development kits) and pass user-controlled data to those generated functions, particularly in proxy servers or API gateways.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-hhx9-57xq-r5rw","publishedAt":"2026-07-01T20:55:17.000Z","cveId":"CVE-2026-48819","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["@hey-api/openapi-ts@< 0.97.3 (fixed: 0.97.3)"],"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["@hey-api/openapi-ts"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-07-01T20:55:17.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0010"]}}