Affected by GO-2024-3228
and 17 other vulnerabilities
GO-2024-3228: Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect') in github.com/coder/coder
GO-2025-3921: Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token in github.com/coder/coder
GO-2025-4182: Coder logs sensitive objects unsanitized in github.com/coder/coder
GO-2026-5169: Coder: Unauthenticated SSRF via Azure Instance Identity Endpoint in github.com/coder/coder
GO-2026-5196: Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft in github.com/coder/coder
GO-2026-5897: Coder vulnerable to workspace auto-creation via crafted URL parameters without user consent in github.com/coder/coder
GO-2026-5906: Coder: User-admin role can reset owner account password in github.com/coder/coder
GO-2026-5907: Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking in github.com/coder/coder
GO-2026-5908: Coder vulnerable to OIDC account takeover via email-based user matching and email_verified bypass in github.com/coder/coder
GO-2026-5909: Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID in github.com/coder/coder
GO-2026-5913: Coder vulnerable to SSH config injection via unsanitized server-supplied values in `coder config-ssh` in github.com/coder/coder
GO-2026-5915: Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator in github.com/coder/coder
GO-2026-5917: Coder's subdomain workspace app routing trusts unauthenticated X-Forwarded-Host header, enabling cross-app data access in github.com/coder/coder
GO-2026-5918: Coder's workspace app CORS origin check can be bypassed via UUID-based subdomain spoofing in github.com/coder/coder
GO-2026-5919: Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component in github.com/coder/coder
GO-2026-5922: Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers in github.com/coder/coder
GO-2026-5924: Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps in github.com/coder/coder
GO-2026-5926: Coder's sub-agent app registration bypasses template port-sharing policy enforcement in github.com/coder/coder
package
Version:
v2.13.2
Opens a new window with list of versions in this module.
Published: Jul 23, 2024
License: AGPL-3.0
Opens a new window with license information.
Imports: 9
Opens a new window with list of imports.
Imported by: 0
Opens a new window with list of known importers.
Documentation
¶
Package agentproc contains logic for interfacing with local
processes running in the same context as the agent.
type UnixSyscaller struct{}
Source Files
¶
Directories
¶
Package agentproctest contains utility functions for testing process management in the agent.
|
Package agentproctest contains utility functions for testing process management in the agent. |
Click to show internal directories.
Click to hide internal directories.