Описание
Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with git config user.email. Prior to version 1.0.105, a maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to version 1.0.105 or the latest version.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.105 (исключая)
cpe:2.3:a:anthropic:claude_code:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 24%
0.00083
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-94
Связанные уязвимости
github
5 месяцев назад
Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email
EPSS
Процентиль: 24%
0.00083
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-94