morgante, 6 days ago:
The exploit is there either way.

KingOfCoders, 6 days ago:
The exploit depends on changing the config to execute a .rb file. And the config was supplied by a PR.

flexagoon, 6 days ago (in reply to KingOfCoders):
Yes, but the exploit grants you access to ALL repos, not just the one the PR is in. You could just as well change the config in your own private repo and run coderabbit in it.