Описание
ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server (e.g., read secrets from the desktopify config.prod.json file), and consequently deploy updates to any app, via a postinstall script in package.json. No exploitation occurred.
EPSS
Процентиль: 70%
0.00623
Низкий
9.9 Critical
CVSS3
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 9.9
github
11 месяцев назад
ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server (e.g., read secrets from the desktopify config.prod.json file), and consequently deploy updates to any app, via a postinstall script in package.json. No exploitation occurred.
EPSS
Процентиль: 70%
0.00623
Низкий
9.9 Critical
CVSS3
Дефекты
CWE-94