OpenCode AI coding agent hit by critical unauthenticated RCE vulnerability github.com 3 points by AlexAltea 4 months ago
rvz 4 months ago Probably nothing. AlexAltea 4 months ago Probably nothing based on what? I have reproduced the finding locally...Any website can trivially run arbitrary code as the current user if OpenCode is installed; that's CVSS ~10.
AlexAltea 4 months ago Probably nothing based on what? I have reproduced the finding locally...Any website can trivially run arbitrary code as the current user if OpenCode is installed; that's CVSS ~10.
Probably nothing.
Probably nothing based on what? I have reproduced the finding locally...
Any website can trivially run arbitrary code as the current user if OpenCode is installed; that's CVSS ~10.