Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to execute.

Whatever that binary does, it does as you, with your source, your SSH keys and your cloud tokens. Cursor keeps re-running it for as long as the project stays open.

No prompt

from The Hacker News https://ift.tt/Vs92N8M
https://ift.tt/JzyvlMc

About the Author

Leave a Reply

Your email address will not be published. Required fields are marked *

You may also like these