Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cursor: Authentication Bypass Possible via New Cursorignore Write
Vulnerability Description
Cursor is a code editor built for programming with AI. In versions 1.7.23 and below, a logic bug allows a malicious agent to read sensitive files that should be protected via cursorignore. An attacker who has already achieved prompt injection, or a malicious model, could create a new cursorignore file which can invalidate the configuration of pre-existing ones. This could allow a malicious agent to read protected files. This issue is fixed in version 2.0.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Cursor 访问控制错误漏洞
Vulnerability Description
Cursor是Cursor开源的一个 AI 代码编辑器。 Cursor 1.7.23及之前版本存在访问控制错误漏洞,该漏洞源于逻辑错误,可能导致恶意代理读取受保护敏感文件。
CVSS Information
N/A
Vulnerability Type
N/A