llmslave2 20 hours ago

This feels so emblematic of our current era. VC funded vibe coded AI documentation startup somehow gets big name customers who don't properly vet the security of the platform, ship a massive vulnerability that could pwn millions of users and the person who reports the vulnerability gets...$5k.

If I recall last week Mintlify wrote a blog post showcasing their impressive(ly complicated) caching architecture. Pretending like they were doing real engineering, when it turns out nobody there seems to know what they're doing, but they've managed to convince some big names to use them.

Man, it's like everything I hate about modern tech. Good job Eva for finding this one. Starting to think that every AI startup or company that is heavily using gen-ai for coding is probably extremely vulnerable to the simplest of attacks. Might be a way to make some extra spending money lol.

tptacek 19 hours ago | parent | next [-]

I don't think anybody in SFBA-style software development, both pre- and post-LLM, is really resilient against these kinds of attacks. The problem isn't vibe coding so much as it is multiparty DLL-hell dependency stacks, which is something I attribute more to JavaScript culture than to any recent advance in technology.

tinco 16 hours ago | parent | next [-]

I wonder what's worse: the SFBA-style software development, but also with the SFBA-style 2-hour response window to serious bugs like Discord showed, or the old-fashioned enterprise "report your bug and within 2 months you'll receive an e-mail confirming your report if you're lucky and a letter from a lawyer if you're not".

Aachen 3 hours ago | parent | prev | next [-]

That's "San Francisco Bay Area" for anyone else wondering

macNchz 17 hours ago | parent | prev | next [-]

I do occasionally wonder how different things would be if JavaScript had come with a very robust standard library from early on.

fireant an hour ago | parent | next [-]

I've also been wondering about it recently. Also in regards to Rust, which is hailed as the great savior but has the same minimal approach to the standard library and needs loads of dependencies.

auxiliarymoose 7 hours ago | parent | prev [-]

The crazy thing is that today the JavaScript standard library is very robust, and yet the culture of pulling in a ton of dependencies persists. It's so much easier to develop code against a stable and secure platform, yet it seems the choice is often to pull in hundreds of bits of code maintained by many different parties (instead of doing a little more in-house).

llmslave2 19 hours ago | parent | prev | next [-]

You're right that it's a specific programming culture that is especially vulnerable to it. And for the same reasons they were vulnerable to the same thing to a lesser degree before the rise of LLMs.

But like, this case isn't really a dependency or supply chain attack. It's just allowing remote code execution because, idk, the dev who implemented it didn't read the manual and see that MDX can execute arbitrary code or something. Or maybe they vibe coded it and saw it worked and didn't bother to check. Perhaps it's a supply-chain attack on Discord et al to use Mintlify; if that's what you meant then I apologize.

I think you're right that I have an extreme aversion to SFBA-style software development, and partly because of how gen-ai is used there.

michaelt 19 hours ago | parent [-]

One might consider this a supply chain attack because the title of the post is “We pwned X, Vercel, Cursor, and Discord through a supply-chain attack”

OrangeMusic 8 hours ago | parent [-]

Sometimes titles are inaccurate

mattmanser 5 hours ago | parent | prev | next [-]

It's got nothing to do with DLLs or libraries or anything like that. This is a bug in their domain code. This is a simple, and bloody stupid, multi-tenant bug in a SaaS where they're not checking the tenant id before serving tenant content. Coupled with exploiting same-domain cookies. Both of these have been problems that we have dealt with, and been vigilant against, in SaaS apps. We had a lot of these types of attacks in the 00s when people first started deploying SaaSes, and for a while we were all vigilant. The common vector for cookies back then was you'd have your main app "acmeforce.com" and you'd host customers under sub-domains like "arasaka.acmeforce.com", and cookie shenanigans would allow all sorts of attack vectors against the root site (I think GitHub had one at one point, might be wrong!).

It's more that browser changes have allowed us to forget cookie problems, in a good way. And software developers seem to have the memory of a goldfish. The browsers have tried to build in all sorts of protections against these attacks, but they only work against different domains, so we hit all the same problems as soon as some inexperienced developer starts making a multi-tenant app without proper testing.

ajross 17 hours ago | parent | prev [-]

You're preaching to the choir about the fragility of the "dig the dependency stack all the way down to hell" paradigm. But I don't think it applies in this particular case (neither does attributing it to vibe coding, IMHO).

The component which ultimately executed the payload in the SVG was the browser, and the backend dependency stack just served it verbatim as specified by the user. This is a 1990's style XSS fuckup, not anything subtle.
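
The two defects mattmanser and ajross describe above, the missing tenant check and the browser executing a verbatim-served SVG, as an added example that is not code from the thread or from any product named in it. Everything here is constructed: the tenant table, the document store, the host names and the handler functions are assumptions for illustration; the `__Host-` cookie prefix and the `sandbox` CSP directive are real browser features.

```javascript
// Constructed tenant table: which host serves which tenant's content.
const TENANTS = {
  "arasaka.acmeforce.com": "tenant-arasaka",
  "militech.acmeforce.com": "tenant-militech",
};

// Constructed document store, keyed by tenant id, then by path.
const DOCS = {
  "tenant-arasaka": { "/docs/logo.svg": { contentType: "image/svg+xml", body: "<svg/>" } },
  "tenant-militech": { "/docs/internal.md": { contentType: "text/markdown", body: "# private" } },
};

// The "before": content is looked up by path alone, so any tenant's host serves
// any tenant's document. Kept only to contrast with serveSecure below.
function serveInsecure(req) {
  for (const tenantId of Object.keys(DOCS)) {
    const doc = DOCS[tenantId][req.path];
    if (doc) return { status: 200, ...doc };
  }
  return { status: 404 };
}

// The fix: resolve the tenant from the request host first, look only in that
// tenant's store, and attach content-specific response headers.
function serveSecure(req) {
  const tenantId = TENANTS[req.host];
  const doc = tenantId ? DOCS[tenantId][req.path] : undefined;
  if (!doc) return { status: 404 };
  return { status: 200, ...doc, headers: responseHeadersFor(doc.contentType) };
}

// User-supplied SVG runs script when a browser navigates to it as a document.
// A CSP with 'sandbox' and no script source blocks that, and Content-Disposition:
// attachment turns a top-level navigation into a download while <img> still works.
function responseHeadersFor(contentType) {
  const headers = { "X-Content-Type-Options": "nosniff" };
  if (contentType === "image/svg+xml") {
    headers["Content-Security-Policy"] = "default-src 'none'; sandbox";
    headers["Content-Disposition"] = "attachment";
  }
  return headers;
}

// Host-only session cookie: browsers accept the __Host- prefix only when the cookie
// is Secure, has Path=/ and carries no Domain attribute, so a tenant sub-domain can
// neither read it nor toss a look-alike cookie onto the root site.
function sessionCookie(value) {
  return `__Host-session=${value}; Secure; Path=/; HttpOnly; SameSite=Lax`;
}
```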

tick_tock_tick 17 hours ago | parent | prev | next [-]

The issue is everyone loves to have everything fronted by a single domain. Most XSS is because of this basic flaw. All of this could have been avoided if Discord didn't run their API docs through discord.com.

__float 16 hours ago | parent | next [-]

It's a bit surprising they did that, to be honest. I work at a similarly-sized, HN-popular tech company and our security team is very strict about less-trusted (third party!!) code running on another domain, or a subdomain at the very least, with strict CSP and similar.

But in the age of AI, it seems like chasing the popular thing takes precedence over good practices.

joshdavham 12 hours ago | parent | prev | next [-]

Thanks for this comment tick_tock :)

After reading this, I did some research and learned a lot. I never really considered that, by including many things under the same domain, you're increasing your blast radius w.r.t. security vulnerabilities. Thanks for that.

staticassertion 12 hours ago | parent | prev [-]

This is what it really comes down to. Browsers are built around origins as the major security boundary. When you use a separate origin, safety comes for free.

integralid 3 hours ago | parent | next [-]

And you open another can of worms, which is phishing. If you run your marketing campaigns from yourcompany-deals-2025.com, don't be surprised when people click yourcompany-login.com links.

mock-possum 7 hours ago | parent | prev [-]

Trust doesn’t though - discord.com/docs looks legit, as does docs.discord.com - discord-docs.com immediately sets off red flags

brap 5 hours ago | parent [-]

Is there no way to tell the browser “hey this URL is using the same domain but please isolate it from the rest”?

Banditoz 19 hours ago | parent | prev [-]

I'm curious what caching architecture a docs site needs; it can't be more complicated than a standard-fare CDN?

0x3f 16 hours ago | parent | next [-]

Here's the other post:

https://news.ycombinator.com/item?id=46276313

mosura 18 hours ago | parent | prev [-]

Search indexing, etc.