OpenCode AI 編碼代理程式爆發關鍵未驗證遠端程式碼執行與檔案讀取漏洞

Hacker News·3 個月前

OpenCode AI 編碼代理程式被發現存在關鍵安全漏洞，包括未經驗證的遠端程式碼執行（RCE）和檔案讀取漏洞。這些問題允許任何網站利用該系統。

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

To see all available qualifiers, see our documentation.

Uh oh!

There was an error while loading. Please reload this page.

RCE and file read vulnerability #6355

Description

Vulnerability Summary

The OpenCode codebase has critical security vulnerabilities:

Attack Vector

Any website can:

OpenCode version

1.0.207

Steps to reproduce

Screenshot and/or share link

No response

Operating System

macos

Terminal

iTerm2

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Footer

Footer navigation

— Hacker News

你的個人知識庫

OpenCode AI 編碼代理程式爆發關鍵未驗證遠端程式碼執行與檔案讀取漏洞

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

RCE and file read vulnerability #6355

Description

Description

Vulnerability Summary

Attack Vector

OpenCode version

Steps to reproduce

Screenshot and/or share link

Operating System

Terminal

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Footer

Footer navigation