2 matches found
CVE-2025-49150
Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent...
CVE-2025-49150
Cursor is vulnerable prior to version 0.51.0 due to json.schemaDownload.enable being True by default. When a JSON file is written, an attacker can trigger an arbitrary HTTP GET request without user confirmation, and because the Cursor Agent can edit JSON files, this can enable data exfiltration i...