OpenAI Codex CLI Ripgrep Execution Auto-Approval Vulnerability
Vulnerability
A vulnerability exists in OpenAI Codex CLI versions prior to 0.9.0, where the application automatically approves the execution of ripgrep (rg) commands. This auto-approval occurs even when potentially harmful flags are used, such as '--pre', '--hostname-bin', '--search-zip', or '-z'. The issue arises because the CLI does not properly validate these flags before granting permission to execute the command.
Impact
Exploitation of this vulnerability could allow ripgrep to be run with unsafe flags without any user approval, leading to potential manipulation of the environment or access to sensitive information.
Reproduction
To reproduce this vulnerability, use OpenAI Codex CLI version 0.8.0 or earlier. Initiate a command that includes ripgrep with any of the unsafe flags: '--pre', '--hostname-bin', '--search-zip', or '-z'. The CLI will automatically approve the command without the necessary safeguards.
Remediation
Users can update to OpenAI Codex CLI version 0.9.0 or later, where this vulnerability has been addressed.
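The flag validation missing before 0.9.0 can be illustrated with an allow-list check. This is an added example, not Codex CLI's own code; it assumes the command has already been tokenised into an argv array whose first element is "rg", and it treats the four flags named above (all of which make rg execute an external program or read inside archives) as disqualifying. It also handles the "--flag=value" form, short-flag clusters such as "-nz", and the "--" end-of-options marker, and it errs toward denial rather than approval.

```typescript
// Added example of an auto-approval check for ripgrep invocations.
// Hypothetical helper, not Codex CLI's own implementation.

// Long flags that let rg run an external program (--pre, --hostname-bin)
// or decompress archives with external tools (--search-zip).
const UNSAFE_LONG_FLAGS = new Set(["--pre", "--hostname-bin", "--search-zip"]);
// Short form of --search-zip.
const UNSAFE_SHORT_FLAGS = new Set(["z"]);

// Returns the first unsafe flag found in argv, or null if none is present.
export function findUnsafeRipgrepFlag(argv: string[]): string | null {
  if (argv.length === 0 || argv[0] !== "rg") return null;
  for (const arg of argv.slice(1)) {
    if (arg === "--") break; // everything after "--" is a positional argument
    if (arg.startsWith("--")) {
      // normalise "--pre=cmd" to "--pre"
      const name = arg.split("=", 1)[0];
      if (UNSAFE_LONG_FLAGS.has(name)) return name;
    } else if (arg.startsWith("-") && arg.length > 1) {
      // A cluster such as "-nz" carries each letter as its own flag. Letters
      // that are really an attached value (e.g. "-ez" = pattern "z") are also
      // scanned, so this check may deny but never wrongly approve.
      for (const ch of arg.slice(1).split("")) {
        if (UNSAFE_SHORT_FLAGS.has(ch)) return `-${ch}`;
      }
    }
  }
  return null;
}

// Only a plain rg command with none of the unsafe flags may be auto-approved;
// anything else must fall through to the normal user prompt.
export function isAutoApprovableRipgrep(argv: string[]): boolean {
  return argv.length > 0 && argv[0] === "rg" && findUnsafeRipgrepFlag(argv) === null;
}
```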