Y
Hacker News
new
|
ask
|
show
|
jobs
by
morgante
297 days ago
The exploit is there either way.
1 comments
KingOfCoders
297 days ago
The exploit depends on changing the config to execute a .rb file. And the config was supplied by a PR.
link
flexagoon
297 days ago
Yes, but the exploit grants you access to ALL repos, not just the one the PR is in. You could just as well change the config in your own private repo and run coderabbit in it.
link