Comment by elpakal

Comment by elpakal 6 days ago

4 replies

View on Hacker News

> After responsibly disclosing this critical vulnerability to the CodeRabbit team, we learned from them that they had an isolation mechanism in place, but Rubocop somehow was not running inside it.

Curious what this (isolation mechanism) means if anyone knows.

diggan 6 days ago

> Curious what this (isolation mechanism) means if anyone knows.

If they're anything like the typical web-startup "developing fast but failing faster", they probably are using docker containers for "security isolation".

Reply View 1 reply
  • [removed] 6 days ago
    [deleted]
    Reply View 0 replies
benmmurphy 6 days ago

What a lucky coincidence that the tool the researcher attacked because it allowed code execution was not sandboxed.

Reply View 0 replies
kachapopopow 6 days ago

you could say that they have vibe forgotten to sandbox it.

(likely asked AI to implement x and ai completely disregarded the need to sandbox).

Reply View 0 replies