{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-48919", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-10-09T22:06:46.172Z", "datePublished": "2024-10-22T20:58:21.962Z", "dateUpdated": "2024-10-23T14:49:26.530Z"}, "containers": {"cna": {"title": "RCE via Prompt Injection Into Cursor's Terminal Cmd-K", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 9.2, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/getcursor/cursor/security/advisories/GHSA-rmj9-23rg-gr67", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/getcursor/cursor/security/advisories/GHSA-rmj9-23rg-gr67"}], "affected": [{"vendor": "getcursor", "product": "cursor", "versions": [{"version": "< 0.42", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-10-22T20:58:21.962Z"}, "descriptions": [{"lang": "en", "value": "Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web page could have a significant chance of influencing a language model to output arbitrary commands for execution in the user's terminal. This scenario would require the user explicitly opt-in to including the contents of a compromised webpage, and it would require that the attacker display prompt injection text in the the contents of the compromised webpage.\n\nA server-side patch to not stream back newlines or control characters was released on September 27, 2024, within two hours of the issue being reported. Additionally, Cursor 0.42 includes client-side mitigations to prevent any newline or control character from being streamed into the terminal directly. It also contains a new setting, `\"cursor.terminal.usePreviewBox\"`, which, if set to true, streams the response into a preview box whose contents then have to be manually accepted before being inserted into the terminal. This setting is useful if you're working in a shell environment where commands can be executed without pressing enter or any control character. The patch has been applied server-side, so no additional action is needed, even on older versions of Cursor. Separately, Cursor's maintainers also recommend, as best practice, to only include trusted pieces of context in prompts."}], "source": {"advisory": "GHSA-rmj9-23rg-gr67", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "cursor", "product": "cursor", "cpes": ["cpe:2.3:a:cursor:cursor:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "0.42", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-23T14:45:30.397438Z", "id": "CVE-2024-48919", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T14:49:26.530Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-48919", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-23T14:45:30.397438Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:cursor:cursor:*:*:*:*:*:*:*:*"], "vendor": "cursor", "product": "cursor", "versions": [{"status": "affected", "version": "0", "lessThan": "0.42", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T14:49:04.658Z"}}], "cna": {"title": "RCE via Prompt Injection Into Cursor's Terminal Cmd-K", "source": {"advisory": "GHSA-rmj9-23rg-gr67", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 9.2, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "getcursor", "product": "cursor", "versions": [{"status": "affected", "version": "< 0.42"}]}], "references": [{"url": "https://github.com/getcursor/cursor/security/advisories/GHSA-rmj9-23rg-gr67", "name": "https://github.com/getcursor/cursor/security/advisories/GHSA-rmj9-23rg-gr67", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web page could have a significant chance of influencing a language model to output arbitrary commands for execution in the user's terminal. This scenario would require the user explicitly opt-in to including the contents of a compromised webpage, and it would require that the attacker display prompt injection text in the the contents of the compromised webpage.\n\nA server-side patch to not stream back newlines or control characters was released on September 27, 2024, within two hours of the issue being reported. Additionally, Cursor 0.42 includes client-side mitigations to prevent any newline or control character from being streamed into the terminal directly. It also contains a new setting, `\"cursor.terminal.usePreviewBox\"`, which, if set to true, streams the response into a preview box whose contents then have to be manually accepted before being inserted into the terminal. This setting is useful if you're working in a shell environment where commands can be executed without pressing enter or any control character. The patch has been applied server-side, so no additional action is needed, even on older versions of Cursor. Separately, Cursor's maintainers also recommend, as best practice, to only include trusted pieces of context in prompts."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-10-22T20:58:21.962Z"}}}, "cveMetadata": {"cveId": "CVE-2024-48919", "state": "PUBLISHED", "dateUpdated": "2024-10-23T14:49:26.530Z", "dateReserved": "2024-10-09T22:06:46.172Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-10-22T20:58:21.962Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web page could have a significant chance of influencing a language model to output arbitrary commands for execution in the user's terminal. This scenario would require the user explicitly opt-in to including the contents of a compromised webpage, and it would require that the attacker display prompt injection text in the the contents of the compromised webpage.\n\nA server-side patch to not stream back newlines or control characters was released on September 27, 2024, within two hours of the issue being reported. Additionally, Cursor 0.42 includes client-side mitigations to prevent any newline or control character from being streamed into the terminal directly. It also contains a new setting, `\"cursor.terminal.usePreviewBox\"`, which, if set to true, streams the response into a preview box whose contents then have to be manually accepted before being inserted into the terminal. This setting is useful if you're working in a shell environment where commands can be executed without pressing enter or any control character. The patch has been applied server-side, so no additional action is needed, even on older versions of Cursor. Separately, Cursor's maintainers also recommend, as best practice, to only include trusted pieces of context in prompts."}, {"lang": "es", "value": "Cursor es un editor de c\u00f3digo creado para programar con IA. Antes del 27 de septiembre de 2024, si un usuario generaba un comando de terminal a trav\u00e9s de la funci\u00f3n Cmd-K/Ctrl-K de la terminal de Cursor y si el usuario importaba expl\u00edcitamente una p\u00e1gina web maliciosa en el mensaje de aviso Cmd-K de la terminal, un atacante con control sobre la p\u00e1gina web a la que se hac\u00eda referencia pod\u00eda tener una posibilidad significativa de influir en un modelo de lenguaje para que generara comandos arbitrarios para su ejecuci\u00f3n en la terminal del usuario. Este escenario requerir\u00eda que el usuario optara expl\u00edcitamente por incluir el contenido de una p\u00e1gina web comprometida y que el atacante mostrara el texto de inyecci\u00f3n de mensajes en el contenido de la p\u00e1gina web comprometida. El 27 de septiembre de 2024, dentro de las dos horas posteriores a que se informara el problema, se lanz\u00f3 un parche del lado del servidor para no transmitir de vuelta las nuevas l\u00edneas o los caracteres de control. Adem\u00e1s, Cursor 0.42 incluye mitigaciones del lado del cliente para evitar que cualquier nueva l\u00ednea o car\u00e1cter de control se transmita directamente a la terminal. Tambi\u00e9n contiene una nueva configuraci\u00f3n, `\"cursor.terminal.usePreviewBox\"`, que, si se establece en true, transmite la respuesta a un cuadro de vista previa cuyo contenido debe aceptarse manualmente antes de insertarse en la terminal. Esta configuraci\u00f3n es \u00fatil si est\u00e1 trabajando en un entorno de shell donde los comandos se pueden ejecutar sin presionar Enter o cualquier car\u00e1cter de control. El parche se ha aplicado en el lado del servidor, por lo que no se necesita ninguna acci\u00f3n adicional, incluso en versiones anteriores de Cursor. Por otra parte, los mantenedores de Cursor tambi\u00e9n recomiendan, como mejor pr\u00e1ctica, incluir solo fragmentos de contexto confiables en los mensajes."}], "id": "CVE-2024-48919", "lastModified": "2024-10-23T15:12:34.673", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 9.2, "baseSeverity": "CRITICAL", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-10-22T21:15:06.813", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/getcursor/cursor/security/advisories/GHSA-rmj9-23rg-gr67"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}