Описание
Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. This issue has been patched in version 2.0.31.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.31 (исключая)
cpe:2.3:a:anthropic:claude_code:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 27%
0.00096
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-78
Связанные уязвимости
github
3 месяца назад
@anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes
EPSS
Процентиль: 27%
0.00096
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-78