geoffmanning | 1 month ago

The one thing here confusing to me is the past tense used throughout. This CVE seems presented as both past and present, yet the present evidence isn't... Presented.

jpmcb | 1 month ago

True: but technically the CVE was mitigated by OpenCode by after 1.1.10

* Not running the server by default
* Patched the wide open CORS policy which left the server open to execution by any page you visited.

The server is still there but you have to explicitly enable it via `opencode serve`

The original disclosure has a table of fixes that have landed: https://cy.md/opencode-rce/