Описание
Cursor is a code editor built for programming with AI. In versions 1.7.23 and below, a logic bug allows a malicious agent to read sensitive files that should be protected via cursorignore. An attacker who has already achieved prompt injection, or a malicious model, could create a new cursorignore file which can invalidate the configuration of pre-existing ones. This could allow a malicious agent to read protected files. This issue is fixed in version 2.0.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0 (исключая)
cpe:2.3:a:anysphere:cursor:*:*:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00044
Низкий
7.5 High
CVSS3
Дефекты
CWE-284
EPSS
Процентиль: 13%
0.00044
Низкий
7.5 High
CVSS3
Дефекты
CWE-284