Researchers Discover RCE Vulnerability in AI-Powered Tool
Security researchers from Orca Security identified a critical remote code execution (RCE) vulnerability in OpenAI’s open-source Codex command-line interface (CLI). The tool is designed to allow developers to interact with the Codex AI model directly from their terminal. The flaw, which has since been patched by OpenAI, existed within a Python script used by the CLI and posed a security risk to developer environments.
The vulnerability was discovered by Orca Security researcher Yoav Alon. Following the discovery, Orca Security engaged in a coordinated disclosure process with OpenAI to ensure the issue was remediated before public announcement.
Technical Flaw and Coordinated Remediation
The root cause of the RCE vulnerability was located in the CLI’s suggest command. This feature was intended to provide developers with AI-generated command suggestions. The script responsible for this functionality, openai.py, used Python’s built-in eval() function on input without proper sanitization. Because eval() executes whatever Python expression it is handed, this implementation detail allowed arbitrary code to be injected and executed.
Orca Security demonstrated that a malicious command suggestion, such as a crafted Git command, could be presented to a developer. If the developer accepted and executed the malicious suggestion, the embedded code would run on their local machine. Upon receiving the vulnerability report, OpenAI acknowledged the issue and released a patched version of the Codex CLI. The fix involved removing the use of the insecure eval() function and replacing it with a safer method for handling suggestions.
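The following is an added illustration, not code from the Codex CLI or from Orca Security's report: an eval()-based suggestion parser beside a hardened version. The function names, the sentinel flag, the sample inputs, and the choice of ast.literal_eval plus shape validation as the safer method are assumptions for this example, not OpenAI's actual patch.

```python
"""Added example: why eval() on untrusted suggestion text is an RCE and how a
literal-only parser with shape validation closes the hole. Names, inputs and
the sentinel below are constructed for this example (assumption: the CLI
expected a Python list literal of command strings back from the model)."""
import ast

# Sentinel flipped when injected code actually runs; the constructed
# malicious payload just calls this function, standing in for arbitrary code.
executed = {"hit": False}

def mark_executed():
    executed["hit"] = True
    return ["git status"]

def parse_suggestions_vulnerable(raw: str) -> list:
    # Mirrors the flaw described above: eval() runs any expression in the
    # string, not just a list literal, so model output becomes executable code.
    return eval(raw)

def parse_suggestions_hardened(raw: str) -> list:
    # ast.literal_eval accepts only Python literals (str, numbers, tuples,
    # lists, dicts, sets, bool, None); calls, attribute access and imports
    # raise ValueError/SyntaxError instead of executing.
    value = ast.literal_eval(raw)
    # Parsing safely is not enough: also enforce the expected shape.
    if not isinstance(value, list) or not all(isinstance(s, str) and s for s in value):
        raise ValueError("suggestion payload must be a list of command strings")
    return value

def rejects(raw: str) -> bool:
    """True if the hardened parser refuses the payload without executing it."""
    try:
        parse_suggestions_hardened(raw)
    except (ValueError, SyntaxError):
        return True
    return False

# Constructed inputs: a benign suggestion list and one that embeds a call.
BENIGN = '["git status", "git log --oneline -5"]'
MALICIOUS = 'mark_executed()'

if __name__ == "__main__":
    print(parse_suggestions_vulnerable(BENIGN))
    parse_suggestions_vulnerable(MALICIOUS)
    print("vulnerable parser executed injected code:", executed["hit"])
    print("hardened parser rejects it:", rejects(MALICIOUS))
```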