Amazon · Kiro IDE · CVE-2026-10591
**Name of the Vulnerable Software and Affected Versions**
Amazon Kiro IDE versions prior to 0.11
**Description**
Insufficient access control restrictions in the file write tool allow remote unauthenticated actors to execute arbitrary commands. This is achieved by using crafted instructions to write to execution-sensitive paths, such as ".vscode/tasks.json", which enables auto-execution when a folder is opened.
**Recommendations**
Upgrade to version 0.11 or later.