漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Cursor sandbox escape via Git hooks
Vulnerability Description
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (ie prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time they are triggered. No user interaction was required as Git executes these commands automatically. Fixed in version 2.5.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
授权机制缺失
Vulnerability Title
Cursor 安全漏洞
Vulnerability Description
Cursor是Cursor开源的一款深度集成AI的智能代码编辑器。 Cursor 2.5之前版本存在安全漏洞,该漏洞源于可通过写入.git配置实现沙箱逃逸,可能导致触发时发生沙箱外远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A