| ▲ | elpakal 6 days ago | |||||||
> After responsibly disclosing this critical vulnerability to the CodeRabbit team, we learned from them that they had an isolation mechanism in place, but Rubocop somehow was not running inside it. Curious what this (isolation mechanism) means if anyone knows. | ||||||||
| ▲ | diggan 6 days ago | parent | next [-] | |||||||
> Curious what this (isolation mechanism) means if anyone knows. If they're anything like the typical web-startup "developing fast but failing faster", they probably are using docker containers for "security isolation". | ||||||||
| ||||||||
| ▲ | benmmurphy 6 days ago | parent | prev | next [-] | |||||||
What a lucky coincidence that the tool the researcher attacked because it allowed code execution was not sandboxed. | ||||||||
| ▲ | kachapopopow 6 days ago | parent | prev [-] | |||||||
you could say that they have vibe forgotten to sandbox it. (likely asked AI to implement x and ai completely disregarded the need to sandbox). | ||||||||