ANSI Escape Code Injection in OpenAI's Codex CLI

dganev.com

2 points by syl5x 2 months ago · 2 comments

rvz 2 months ago

> This post is happening because I’ve waited long enough. The vulnerability is still there, the report is still sitting at P5, and nobody from OpenAI has acknowledged the escalation. I’m not sure what else I’m supposed to do here.

So, this is a serious RCE 0day in Codex and the disclosure is now released to the world.

And yet no-one cares. (When everyone including vibe-coders and moltbots should care.)

  • syl5x OP 2 months ago

    No, not really. I rewrote that part since it gives the reader the wrong vibe. The RCE is quite unlikely (although possible); I believe, however, that people at OpenAI should care about such "P5 vulnerabilities", since something as minor as this could be chained into something else later on.
