漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Cursor: Authentication Bypass Possible via New Cursorignore Write
Vulnerability Description
Cursor is a code editor built for programming with AI. In versions 1.7.23 and below, a logic bug allows a malicious agent to read sensitive files that should be protected via cursorignore. An attacker who has already achieved prompt injection, or a malicious model, could create a new cursorignore file which can invalidate the configuration of pre-existing ones. This could allow a malicious agent to read protected files. This issue is fixed in version 2.0.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Cursor 访问控制错误漏洞
Vulnerability Description
Cursor是Cursor开源的一个 AI 代码编辑器。 Cursor 1.7.23及之前版本存在访问控制错误漏洞,该漏洞源于逻辑错误,可能导致恶意代理读取受保护敏感文件。
CVSS Information
N/A
Vulnerability Type
N/A