Product

Deepseek-Tui-Cli (>= 0.3.0, < 0.8.23)

1 brief RSS

DeepSeek TUI run_tests Tool Enables RCE via Malicious Repository Without Approval

DeepSeek TUI's `run_tests` tool allows for remote code execution (RCE) via a malicious repository without user approval due to auto-approval of `cargo test` execution, which can be triggered by prompt injection via the `AGENTS.md` file, affecting versions >= 0.3.0 and < 0.8.23.

deepseek-tui +1 rce prompt-injection rust supply-chain

2r 2t 43m ago