
docs(security): scheduled application security review (2026-06-02)#10

Draft: cursor[bot] wants to merge 1 commit into main from cursor/application-security-review-5025

cursor[bot] commented Jun 2, 2026

Scheduled application security review documenting validated medium+ findings.

New this scan:

  • [MEDIUM] Permission model bypass via FileHandle futimes/fdatasync/fsync on read-only fds (lib/internal/fs/promises.js)

Previously documented:

  • [HIGH] Permission model bypass via attacker-controlled NODE_OPTIONS in child_process (lib/child_process.js)

See security-reviews/2026-06-02-application-security-review.md for full attack paths and remediation guidance.

Co-authored-by: quan.m.le <quan.m.le@opswat.com>