Unauthenticated remote code execution in OpenCode
kept by eddie
OpenCode's unauthenticated HTTP endpoint allows remote code execution, sparking criticism over its security practices and maintainer responsiveness.