@openai/codex is vulnerable to Protection Mechanism Failure
59
Medium Risk
On Windows, @openai/codex uses a PowerShell safe-command classifier to decide whether a command is read-only enough to run without asking the user for approval. The classifier parses the script but only lowers the statements in the end block into argv-like words that it checks against a safe-command allowlist. Code placed in parameter defaults, begin, process, or clean blocks, using preambles, or top-level trap handlers is never inspected, so a script whose end block looks read-only can still execute side-effecting commands and be auto-approved. The fix treats any script containing those un-lowered AST regions as unsupported and routes it through the normal approval path.
You are affected if you are using a version that falls within the vulnerable range and you run Codex on Windows.
@openai/codex is vulnerable to Protection Mechanism Failure in versions 0.1.4160940 - 0.142.1.
Upgrade the @openai/codex library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant