Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cursor Affected by Arbitrary Code Execution via Prompt Injection and Whitelist Bypass
Vulnerability Description
Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visited website contains maliciously crafted instructions, the model may attempt to follow them in order to “assist” the user. When combined with a bypass of the command whitelist mechanism, such indirect prompt injections could result in commands being executed automatically, without the user’s explicit intent, thereby posing a significant security risk. This vulnerability is fixed in 2.0.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Cursor 操作系统命令注入漏洞
Vulnerability Description
Cursor是Cursor开源的一款深度集成AI的智能代码编辑器。 Cursor 2.0之前版本存在操作系统命令注入漏洞,该漏洞源于模型可能执行恶意指令,可能导致命令自动执行。
CVSS Information
N/A
Vulnerability Type
N/A