Name of the Vulnerable Software and Affected Versions:

Cursor versions prior to 1.3.9

Description:

Cursor, a code editor built for programming with AI, allows writing in-workspace files without user approval in affected versions. Specifically, creating new dotfiles does not require approval, while editing existing ones does. This allows an attacker to chain an indirect prompt injection vulnerability to hijack the context and write to sensitive editor files, such as the `.vscode/settings.json` file, potentially triggering Remote Code Execution (RCE) on the victim's machine without user approval.

Recommendations:

Update to version 1.3.9 or later.