Security: christianhelle/refitter
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
Generation-time SSRF, remote file inclusion, and local file inclusion via unrestricted $refGHSA-x6w4-f264-3vvr published
Jun 29, 2026 by christianhelleHigh -
RCE via OpenAPI path -> unescaped [Get("...")] Refit attribute -> [ModuleInitializer] at assembly loadGHSA-3fhm-p725-h3g3 published
Jun 30, 2026 by christianhelleCritical -
RCE via content-type key (content map key in requestBody/responses) -> unescaped [Headers("Accept: <ct>", "Content-Type: <ct>")] Refit attribute -> [ModuleInitializer] at assembly loadGHSA-p32v-8v8j-j534 published
Jun 30, 2026 by christianhelleCritical -
RCE via header parameter name (parameters[].name with in: header) -> unescaped [Header("<name>")] Refit attribute -> [ModuleInitializer] at assembly loadGHSA-58x9-vjvp-6mx8 published
Jun 30, 2026 by christianhelleCritical
Learn more about advisories related to christianhelle/refitter in the GitHub Advisory Database