undefined | Better HN

0 pointsmorgante7mo ago0 comments

The exploit is there either way.

0 comments

The exploit depends on changing the config to execute a .rb file. And the config was supplied by a PR.

Yes, but the exploit grants you access to ALL repos, not just the one the PR is in. You could just as well change the config in your own private repo and run coderabbit in it.

j / k navigate · click thread line to collapse

0 pointsmorgante7mo ago0 comments

The exploit is there either way.

0 comments

KingOfCoders7mo ago

The exploit depends on changing the config to execute a .rb file. And the config was supplied by a PR.

flexagoon7mo ago

Yes, but the exploit grants you access to ALL repos, not just the one the PR is in. You could just as well change the config in your own private repo and run coderabbit in it.

j / k navigate · click thread line to collapse