A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer's cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and Amazon Q does the rest. Amazon has patched it.
Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs
Résumé + lien vers la source. Sans paywall, sans tracking.