Wiz has identified a critical security vulnerability, dubbed GhostApproval, affecting six AI coding assistants. This flaw allows a malicious repository to hijack the human-in-the-loop confirmation dialog, enabling unauthorized writing to sensitive files such as \"~/.ssh/authorized_keys\". While AWS, Cursor, and Google have already released patches for their respective assistants, Anthropic, Augment, and Windsurf have yet to address the vulnerability. AI
IMPACT This vulnerability could allow malicious code injection into developer workflows, potentially compromising sensitive credentials and systems.
RANK_REASON Security vulnerability disclosure affecting AI developer tools.
Read on Mastodon — fosstodon.org →
AI-generated summary · Google Gemini · from 1 sources. How we write summaries →