What is CVE-2023-46248?

CVE-2023-46248 is a critical-severity vulnerability in Sourcegraph Cody, classified under CWE-15. CVSS score: 9.1/10. Published 2023-10-31.

How severe is CVE-2023-46248?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Vulnerability in Sourcegraph Cody

CVE-2023-46248

Cody is an artificial intelligence (AI) coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could…

EPSS: 0.033 (87.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H.

Affected products

Sourcegraph Cody — versions >= 0.10.0, < 0.14.1

Weakness classification (CWE)

CWE-15

References

https://github.com/sourcegraph/cody/security/advisories/GHSA-8wmq-fwv7-xmwq (x_refsource_CONFIRM)
https://github.com/sourcegraph/cody/pull/1414 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-46248?: CVE-2023-46248 is a critical-severity vulnerability in Sourcegraph Cody, classified under CWE-15. CVSS score: 9.1/10. Published 2023-10-31.
How severe is CVE-2023-46248?: Critical severity. CVSS v3 base score is 9.1 out of 10.