Comment by throw_me_uwu

Comment by throw_me_uwu 18 hours ago

5 replies

WTF, they not only made an unauthenticated RCE HTTP endpoint, they also helpfully added a CORS bypass for it... all in a CLI tool? That silently starts an HTTP server??

never_inline 10 hours ago

Someone tell the AI labs to stop training on tutorial code.

Hamuko 18 hours ago

I'm slightly surprised that the CORS policy wasn't just "*" considering how wide open the server itself was.

  • throw_me_uwu 18 hours ago

    That's the point, it was!

    https://github.com/anomalyco/opencode/commit/7d2d87fa2c44e32...

  • gpm 18 hours ago

    It seems like it was prior to 1.0.216?

lifetimerubyist 13 hours ago

It’s a vibe, bro.
