ANSI Escape Code Injection in OpenAI's Codex CLI

ANSI Escape Code Injection in OpenAI's Codex CLI(dganev.com)

2 points by syl5x 95 days ago | 2 comments

rvz 95 days ago |

> This post is happening because I’ve waited long enough. The vulnerability is still there, the report is still sitting at P5, and nobody from OpenAI has acknowledged the escalation. I’m not sure what else I’m supposed to do here.

So, this is a serious RCE 0day in Codex and the disclosure is now released to the world.

And yet no-one cares. (When everyone including vibe-coders and moltbots should care.)

syl5x 95 days ago | |

No not really, I rewrote that part since it gives the reader the wrong vibe. The RCE is quite unlikely (although possible), I believe however that people at OpenAI should care for such "P5 vulnerabilities" since something minor as this could be chained into something else later on.