OpenAI Codex flaw let attackers steal GitHub access tokens through command injection

A critical command injection flaw in OpenAI Codex let attackers steal GitHub access tokens from users and automated workflows, according to BeyondTrust Phantom Labs. The issue affected Codex across the ChatGPT website, Codex CLI, Codex SDK, and Codex IDE extension before OpenAI remediated it. The bug mattered because Codex connects directly to GitHub repositories and […] The post OpenAI Codex flaw let attackers steal GitHub access tokens through command injection appeared first on VPN Central.