5 matches found
CVE-2025-59532
Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This log...
CVE-2025-59532 Codex has sandbox bypass due to bug in path configuration logic
Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This log...
GHSA-W5FX-FH39-J5RW Codex has sandbox bypass due to bug in path configuration logic
Due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This logic bypassed the intended workspace boundary and enables arbitrary file writes and comman...
Fedora 41 : rust-h2 / uv (2025-92fd810e1d)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-92fd810e1d advisory. - Update uv to version 0.8.8. - Update the h2 crate to version 0.4.12. The builds in this update also address CVE-2025-54368. Tenable has extracted the...
Fedora 43 : python-uv-build / rust-h2 / uv (2025-8628ba80b1)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-8628ba80b1 advisory. - Update uv and python-uv-build to version 0.8.8. - Update the h2 crate to version 0.4.12. The builds in this update also address CVE-2025-54368. Tenable has...