@openai/codex@0.1.2505141022 vulnerabilities

  • latest version

    0.11.0

  • latest non-vulnerable version

  • first published

    3 months ago

  • latest version published

    12 hours ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @openai/codex package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability: Inclusion of Functionality from Untrusted Control Sphere
    Severity: L (low)
    Vulnerable versions: <0.9.0

    @openai/codex is the OpenAI Codex CLI, a lightweight coding agent that runs in your terminal.

    Affected versions of this package are vulnerable to Inclusion of Functionality from Untrusted Control Sphere because ripgrep execution is auto-approved even when the --pre, --hostname-bin, --search-zip, or -z flags are used. An attacker can leverage these flags to trigger unintended command execution and run unauthorized commands.

    How to fix Inclusion of Functionality from Untrusted Control Sphere?

    Upgrade @openai/codex to version 0.9.0 or higher.