CodeRabbit patches remote code execution flaw exposing repositories
Take action: You can't do much about this flaw, it's already fixed. But if you are building systems where users can enter code, isolate them to a separate sandbox, so even if they are compromised the breach doesn't anything. And limit and validate what the users can enter.
Learn More
Kudelski Security researchers report a now patched vulnerability in CodeRabbit, an AI-powered code review platform, that could have provided attackers with read and write access to code repositories, including private ones.
No CVE number has been assigned to the vulnerability. The flaw exploited CodeRabbit's integration with Rubocop, a Ruby static code analyzer that processes configuration files during automated code reviews. The vulnerability allowed authenticated users to achieve remote code execution on CodeRabbit's production servers by creating a pull request containing malicious configuration files.
Researchers discovered that CodeRabbit would automatically execute Rubocop on Ruby files when a .rubocop.yml configuration file was present in the repository. By creating a malicious .rubocop.yml file with a require: ./ext.rb directive, attackers could instruct Rubocop to load and execute arbitrary Ruby code contained in the extension file.
Successful exploit exposed access to CodeRabbit's production environment, including API credentials and infrastructure secrets:
- Anthropic API keys (free, open source, paid, trial versions)
- OpenAI API keys (free, open source, paid, trial versions)
- GitHub App private key (GITHUB_APP_PEM_FILE)
- PostgreSQL database credentials (host, username, password)
- Aperture agent authentication keys
- Courier notification authentication tokens
- Encryption passwords and salts
- GitLab personal access tokens
- Jira application secrets
- Langchain/Langsmith API keys
- LanguageTool API credentials
- Pinecone vector database keys
The vulnerability was discovered in December 2024, responsibly disclosed in January 2025, and presented at Black Hat USA 2025
CodeRabbit confirmed the vulnerability and patched the issue, starting by disabling Rubocop until a fix was in place. All potentially impacted credentials and secrets were rotated within hours. A permanent fix was deployed to production, relocating Rubocop into their secure sandbox environment.
CodeRabbit performed a full audit of their systems to ensure no other services were running outside of sandbox protections, automated sandbox enforcement to prevent recurrence, and added hardened deployment gates.
The vulnerability was completely resolved by January 30, 2025, with all external static analysis tools properly sandboxed to prevent similar exploitation vectors.
