Tell HN: Cursor stuck on outdated VSCode Marketplace, CVEs unresolved
Cursor is currently stuck using an outdated snapshot of the VSCode Marketplace, meaning several extensions within Cursor remain affected by high-severity CVEs that have already been patched upstream in VSCode. As a result, Cursor users unknowingly remain vulnerable to known security issues.
This issue has been acknowledged but remains unresolved: https://github.com/getcursor/cursor/issues/1602#issuecomment-2654870021
Given Cursor's rising popularity, users should be aware of this gap in security updates. Until the Cursor team resolves the marketplace sync issue, caution is advised when using certain extensions.
Has anyone else encountered security concerns or has further insights on mitigating risks until this is resolved?