Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cursor Agent Potentially Leaks Information using JSON schema
Vulnerability Description
Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent can edit JSON files, this means a malicious agent, for example, after a prompt injection attack already succeeded, could trigger a GET request to an attacker controlled URL, potentially exfiltrating other data the agent may have access to. This vulnerability is fixed in 0.51.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Cursor 信息泄露漏洞
Vulnerability Description
Cursor是Cursor开源的一个 AI 代码编辑器。 Cursor 0.51.0之前版本存在信息泄露漏洞,该漏洞源于JSON模式下载设置不当,可能导致任意HTTP GET请求。
CVSS Information
N/A
Vulnerability Type
N/A