Full disclosure: Arbitrary code execution in Cursor
16 points by owent
16 points by owent
I was expecting a joke about the AI agents executing whatever occurs to them amounting to arbitrary code execution. But as alway AI tools surpass expectations...
Yeah, me too. ACE is a default-enabled feature of Cursor. You also have to disable to the one to download prompt injections from the internet
I don't think it's hyperbolic to suggest that their response to the report here opens the question of whether this might be a backdoor as opposed to a bug.
I guess my opinion is irrelevant here, because I wasn't going to ever use it anyway. But if I were responsible for endpoint security in a place, I'd be banning cursor rather than trying to mitigate this the way the disclosure post suggests.
a tale as old as time: don't put . in your $PATH/%PATH%
This feels like, along with the dangers of in-band command channels, one of many lessons being re-learned by LLM enjoyers.
Several people on HN note that Cursor ships with VS Code's workspace trust disabled by default. So in Cursor's default configuration, the trust model doesn't allow for opening untrusted codebases anyway.
However: