https://thegriffyn.me/blog Cybersecurity blog by Hamza Haroon - penetration testing write-ups, CTF solutions, CVEs, digital forensics, and threat intelligence research. en-us hamzaharooon@protonmail.com (Hamza Haroon) hamzaharooon@protonmail.com (Hamza Haroon) Tue, 16 Jun 2026 00:00:00 GMT https://thegriffyn.me/blog/oss/six-cves-in-swagger-typescript-api https://thegriffyn.me/blog/oss/six-cves-in-swagger-typescript-api swagger-typescript-api, one of npm's most-used OpenAPI-to-TypeScript client generators (~600K downloads/week), shipped four RCE CVEs, an SSRF, and an authorization-token exfiltration. Here's how a single attacker-controlled OpenAPI spec turns a code generator into remote code execution. Tue, 16 Jun 2026 00:00:00 GMT hamzaharooon@protonmail.com (Hamza Haroon) securitysupply-chainrcessrfopenapitypescriptcvecode-execution