Cline is an AI coding agent with over 3.8 million installs, yet Mindgard researchers found that it harbors significant security vulnerabilities. The flaws allow attackers to execute arbitrary code and exfiltrate sensitive information via prompt-injection attacks on various code files. The vulnerabilities include DNS-based data exfiltration, which can leak critical API keys, and arbitrary code execution tied to the alternative use of the .clinerules directory. Exploitation is alarmingly straightforward, requiring minimal user interaction. Further vulnerabilities expose the underlying AI model, raising red flags about security measures.
Although the vendor was informed prior to the publication of these findings, the lack of timely mitigations has raised serious concerns regarding the security landscape of AI coding agents. The development team completed some mitigation measures in version 3.35.0, reflecting efforts to enhance security. However, these events underline the urgency of addressing security within AI tools, as these tools have become vital in software development.
👉 Read the original: Cyber Security News