CVE-2024-41997

Vulnerability

Overview

An issue has been discovered in Warp Terminal versions prior to 2024.07.18 (v0.2024.07.16.08.02). A command injection vulnerability exists in the Docker integration functionality. The flaw lies in how the application handles the warp://action/docker/open_subshell custom protocol intent. An attacker can craft a hyperlink that, when clicked by a victim, injects arbitrary commands that are subsequently executed on the victim's machine [1][3].

Exploitation

Prerequisites

Exploitation requires user interaction: the victim must click the malicious hyperlink. No authentication is needed to craft the link, and the attack can be delivered via any vector that allows a clickable link (e.g., email, chat, or a web page). The warp:// protocol handler is registered by the Warp Terminal installation [3].

Impact

Successful exploitation results in arbitrary command execution on the victim's machine with the privileges of the Warp Terminal process. This could allow an attacker to install malware, exfiltrate data, or pivot to other systems on the network. The vulnerability is rated as CVSS 6.6 Medium severity [header].

Mitigation

The issue is fixed in Warp Terminal version 2024.07.18 (v0.2024.07.16.08.02). Users should update immediately. No workarounds are mentioned in the references, though disabling the custom protocol handler or Docker integration could reduce risk [3][4].