CVE-2024-48919: 
Cursor IDE vulnerability analysis and mitigation

Cursor, a code editor built for programming with AI, disclosed a vulnerability (CVE-2024-48919) that affected its Terminal Cmd-K/Ctrl-K feature prior to September 27, 2024. The vulnerability allowed attackers controlling a malicious web page to potentially influence a language model to output arbitrary commands for execution in the user's terminal, but only if users explicitly imported the malicious web page into the Terminal Cmd-K prompt (GitHub Advisory).

The vulnerability stems from the ability to perform prompt injection attacks through malicious web content. If an attacker's web page contained specific base64-encoded instructions, the language model could be manipulated to output malicious commands followed by newlines, which would automatically execute in the user's terminal. The vulnerability has been assigned a CVSS 4.0 score of 9.2 CRITICAL with the vector string CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N, and is classified under CWE-20 (Improper Input Validation) (GitHub Advisory).

If successfully exploited, the vulnerability could allow attackers to execute arbitrary commands in the user's terminal. While the execution would be visible to the user, the automatic nature of the execution meant users might not be fast enough to cancel the request before execution (GitHub Advisory).

A server-side patch was implemented on September 27, 2024, preventing the streaming of newlines or control characters. Cursor 0.42 introduced additional client-side mitigations, including prevention of newline/control character streaming and a new setting 'cursor.terminal.usePreviewBox' that requires manual acceptance of commands. The server-side patch applies to all versions, requiring no additional action from users. As a best practice, users are recommended to only include trusted pieces of context in their prompts (GitHub Advisory).