Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cursor's Sensitive File Modification can Lead to NTFS Path Quirks
Vulnerability Description
Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a prompt injection attacker to circumvent sensitive file protections and overwrite files which Cursor requires human approval to overwrite. Modification of some of the protected files can lead to RCE. Must be chained with a prompt injection or malicious model attach. Only affects systems supporting NTFS. This issue is fixed in version 2.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Cursor 代码注入漏洞
Vulnerability Description
Cursor是Cursor开源的一个 AI 代码编辑器。 Cursor 1.7.44及之前版本存在代码注入漏洞,该漏洞源于NTFS路径特性允许绕过敏感文件保护,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A