Cursor 0day: When Full Disclosure Becomes the Only Protection Left - Mindgard
- The vulnerability nobody seems interested in fixingKey TakeawaysAfter loading a project, Cursor attempts to find git binaries at various locations including the current workspace.
- By creating a repository with a planted malicious git.exe in the root, the IDE will execute it with no user interaction and no prompting of the user.
- Sometimes security research uncovers deeply technical vulnerabilities that require pages of explanation.
Unverified
- The vulnerability nobody seems interested in fixingKey TakeawaysAfter loading a project, Cursor attempts to find git binaries at various locations including the current workspace.
- By creating a repository with a planted malicious git.exe in the root, the IDE will execute it with no user interaction and no prompting of the user.
- Sometimes security research uncovers deeply technical vulnerabilities that require pages of explanation.
Sources: Mindgard