1 comment

[ 2.8 ms ] story [ 12.1 ms ] thread
Completely made up and hallucinated AI slop. These are real repos but the code doesn't exist.

> Vulnerable Code Analysis (ubccr/xdmod): In classes/DB/EtlJournalHelper.php, the vulnerability occurs when the system directly concatenates unvalidated schema and table names into the SQL query string.

classes/DB/EtlJournalHelper.php does not exist, and git history does not show it ever existed. https://github.com/ubccr/xdmod/commits/main/classes/DB

> Vulnerable Code Analysis (spryker-shop/b2c-demo-shop): In the default configuration file config/Shared/config_default.php, the vulnerability stems from hardcoded OAuth client credentials where the secret is set to null, effectively making it an unprotected public client.

config/Shared/config_default.php is a real file, but the code snippet is fake. It doesn't look anything like the real code. https://github.com/spryker-shop/b2c-demo-shop/blame/master/c...

This AI slop falsely claiming that several innocent projects have critical vulnerabilities feels like it's bordering on defamation. If I was a project admin I would consider sending the lawyers in.