Coder AgentAPI exposed user chat history via a DNS rebinding attack
AgentAPI prior to version 0.4.0 was susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost.
Advisories for Golang/Github.com/Coder/Agentapi package
2025