A critical vulnerability with a CVSS score of 10.0 has been discovered in Google's Gemini CLI, allowing an attacker to execute arbitrary code by submitting a pull request that includes a malicious configuration file. The exploit bypasses security measures because the compromised file is loaded before the agent's sandbox is activated. The incident is part of a larger trend of security breaches affecting AI tools, with other recent examples including CursorJacking and a supply chain attack on Vercel's AI tool.
Impact: Highlights critical security flaws in AI agent trust models, potentially impacting enterprise adoption and requiring enhanced supply chain security.
Ranking rationale: Discovery of a critical vulnerability in an AI-powered command-line tool.
Read on Mastodon (fosstodon.org)
AI-generated summary · Google Gemini · from 1 source.