Cursor Mermaid Diagram Tool Arbitrary Image Fetch Vulnerability
Vulnerability
A vulnerability in Cursor versions prior to 1.3 allows arbitrary image fetching in the Mermaid diagram tool, which can be exploited to exfiltrate sensitive information. After a successful prompt injection, an attacker can embed images in a Mermaid diagram that is rendered in the chat box. Rendering the diagram fetches the embedded image from an external server controlled by the attacker, potentially leaking confidential data. Exploitation requires prompt injection from a malicious source such as web content, image uploads, or source code. Additionally, a malicious model could exploit this issue at will.
Impact
Exploitation of this vulnerability could result in the unauthorized exfiltration of sensitive information to an external server controlled by an attacker.
Remediation
Users can upgrade to Cursor version 1.3 to address this vulnerability. In this version, all remote images are removed from Mermaid diagrams before rendering.
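The remediation above, removing remote images before rendering, can be sketched as a text-level filter over Mermaid source. This is an added example, not Cursor's implementation; the function name `stripRemoteImages`, the policy and the sample diagram are assumptions. It is stricter than the fix described: it keeps only inline base64 `data:` images, and it covers two forms, HTML `<img>` tags in labels and the flowchart image shape `@{ img: ... }`.

```javascript
// Added example (not Cursor's code). Assumed policy: an image survives only if
// it is an inline base64 raster data: URI; anything else is dropped (fail closed).
const INLINE = /^data:image\/(?:png|jpeg|gif|webp);base64,[A-Za-z0-9+\/=]+$/i;
// The only <img> shape allowed through: a single quoted src and nothing else,
// so extra attributes such as srcset cannot ride along with an inline src.
const SAFE_IMG_TAG = /^<img\s+src\s*=\s*(["'])([^"']*)\1\s*\/?>$/i;
const IMG_TAG = /<img\b[^>]*>/gi;   // HTML image inside a label
const SHAPE_BLOCK = /@\{[^}]*\}/g;  // node metadata, e.g. A@{ img: "..." }
const IMG_KEY = /\bimg\s*:\s*(?:"([^"]*)"|'([^']*)'|([^,}\s]*))/gi;

function stripRemoteImages(source) {
  const removed = [];
  const drop = (text) => { removed.push(text); return ""; };

  // Pass 1: every <img> tag must match the strict safe shape or it is removed.
  let cleaned = source.replace(IMG_TAG, (tag) => {
    const m = SAFE_IMG_TAG.exec(tag);
    return m && INLINE.test(m[2]) ? tag : drop(tag);
  });

  // Pass 2: a metadata block is removed if any img value in it is not inline.
  cleaned = cleaned.replace(SHAPE_BLOCK, (block) => {
    const values = [...block.matchAll(IMG_KEY)].map((m) => m[1] ?? m[2] ?? m[3]);
    return values.every((v) => INLINE.test(v)) ? block : drop(block);
  });
  return { cleaned, removed };
}

// Constructed sample input; hosts are placeholders under the reserved .example TLD.
const SAMPLE = [
  "flowchart TD",
  "  A[\"Build <img src='https://img.example/a.png'> status\"] --> B",
  "  B@{ img: \"//img.example/b.png\", label: \"Deploy\" }",
  "  C[\"<img src='data:image/png;base64,iVBORw0KGgo='>\"] --> A",
].join("\n");

const result = stripRemoteImages(SAMPLE);
console.log(result.cleaned);
console.log("removed:", result.removed.length);
```

The `removed` list is worth logging: a diagram that arrives with remote image references is a useful signal that the conversation context may contain injected instructions.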
