Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server (e.g., read secrets from the desktopify config.prod.json file), and consequently deploy updates to any app, via a postinstall script in package.json. No exploitation occurred.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
Improper Control of Generation of Code (Code Injection)
Vulnerability Title
ToDesktop Code Injection Vulnerability
Vulnerability Description
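ToDesktop is an application from the ToDesktop company. It can convert a web application codebase into a cross-platform desktop application with native functionality. ToDesktop versions before 2024-10-03 contain a security vulnerability that stems from the postinstall script allowing remote attackers to execute arbitrary commands on the build server.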
CVSS Information
N/A
Vulnerability Type
N/A