{"data":{"id":"ff819804-b347-423f-a18e-af570fe6390b","title":"CVE-2024-48919: Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via","summary":"Cursor is a code editor that uses AI to help with programming. Before September 27, 2024, attackers could trick Cursor's command generation feature into running harmful commands if a user imported a malicious website into the prompt and the attacker used prompt injection (hidden instructions in text that manipulate AI behavior) on that website. A server-side patch was released quickly to block dangerous characters, and Cursor version 0.42 added client-side protections and a new preview box setting that requires manual approval before commands run.","solution":"A server-side patch released on September 27, 2024 prevents newlines or control characters from being streamed back. Cursor 0.42 includes client-side mitigations that block newlines or control characters from entering the terminal directly. Users can enable the setting `\"cursor.terminal.usePreviewBox\"` and set it to `true` to stream responses into a preview box that must be manually accepted before inserting into the terminal. The patch is applied server-side, so no additional action is needed on older versions. Additionally, Cursor's maintainers recommend only including trusted context in prompts as a best practice.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-48919","publishedAt":"2024-10-22T21:15:06.813Z","cveId":"CVE-2024-48919","cweIds":["CWE-20"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Cursor"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00231,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}