New top story on Hacker News: Unauthenticated remote code execution in OpenCode

Unauthenticated remote code execution in OpenCode
46 by CyberShadow | 4 comments on Hacker News.
Previous versions of OpenCode started a server which allowed any website visited in a web browser to execute arbitrary commands on the local machine. Make sure you are using v1.1.10 or newer; see link for more details.

Comments

Post a Comment

Popular posts from this blog

New top story on Hacker News: Show HN: Sourcebot – Self-hosted Perplexity for your codebase

Show HN: Sourcebot – Self-hosted Perplexity for your codebase 17 by bshzzle | 1 comments on Hacker News. Hi HN, We’re Brendan and Michael, the creators of Sourcebot ( https://ift.tt/VYzAJZP ), a self-hosted code understanding tool for large codebases. We originally launched on HN 9 months ago with code search ( https://ift.tt/xMdNSpO ), and we’re excited to share our newest feature: Ask Sourcebot. Ask Sourcebot is an agentic search tool that lets you ask complex questions about your entire codebase in natural language, and returns a structured response with inline citations back to your code. Some types of questions you might ask: - “How does authentication work in this codebase? What library is being used? What providers can a user log in with?” ( https://ift.tt/LQb0UlD ) - “When should I use channels vs. mutexes in go? Find real usages of both and include them in your answer” ( https://ift.tt/rp7Y34N ) - “How are shards laid out in memory in the Zoekt code search engine?” ( ht...
Read more