Dossier
Amazon Q Developer
Coverage of Amazon Q Developer in the Nexus archive.
- GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents
Researchers at Wiz discovered a vulnerability in six AI coding assistants that allows malicious code repositories to execute unauthorized code by exploiting a symlink flaw. The affected tools include Amazon Q Developer, Anthropic's Claude Code, Augment, Cursor, Google Antigravity, and Windsurf.