Описание
Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email
At startup, Claude Code constructed a shell command that interpolated the value of git config user.email from the current workspace. If an attacker controlled the repository’s Git config (e.g., via a malicious .git/config) and set user.email to a crafted payload, the unescaped interpolation could trigger arbitrary command execution before the user accepted the workspace-trust dialog. The issue affects versions prior to 1.0.105. The fix in 1.0.105 avoids executing commands built from untrusted configuration and properly validates/escapes inputs.
- Patches: Update to
@anthropic-ai/claude-code1.0.105or later. - Workarounds: Open only trusted workspaces and inspect repository
.git/configbefore launch; avoid inheriting untrusted Git configuration values.
Thank you to the NVIDIA AI Red Team for reporting this issue!
Пакеты
@anthropic-ai/claude-code
< 1.0.105
1.0.105
Связанные уязвимости
Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with `git config user.email`. Prior to version 1.0.105, a maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to version 1.0.105 or the latest version.