OpenCode AI coding agent hit by critical unauthenticated RCE vulnerability (github.com) 3 points by AlexAltea 6mo ago ↗ HN
[–] rvz 6mo ago ↗ Probably nothing. [–] AlexAltea 6mo ago ↗ Probably nothing based on what? I have reproduced the finding locally...Any website can trivially run arbitrary code as the current user if OpenCode is installed; that's CVSS ~10.
[–] AlexAltea 6mo ago ↗ Probably nothing based on what? I have reproduced the finding locally...Any website can trivially run arbitrary code as the current user if OpenCode is installed; that's CVSS ~10.
2 comments
[ 5.1 ms ] story [ 13.5 ms ] threadAny website can trivially run arbitrary code as the current user if OpenCode is installed; that's CVSS ~10.