Описание
Claude Code is an agentic coding tool. Due to an error in command parsing, versions prior to 1.0.105 were vulnerable to a bypass of the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to version 1.0.105 or the latest version.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.105 (исключая)
cpe:2.3:a:anthropic:claude_code:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 29%
0.00103
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-94
Связанные уязвимости
github
5 месяцев назад
Claude Code rg vulnerability does not protect against approval prompt bypass
EPSS
Процентиль: 29%
0.00103
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-94