Описание
Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a user to start Claude Code in an untrusted directory and to be using Yarn 3.0 or above. This issue has been patched in version 1.0.39.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.39 (исключая)
cpe:2.3:a:anthropic:claude_code:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 31%
0.00113
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-94
Связанные уязвимости
github
3 месяца назад
Claude Code vulnerable to command execution prior to startup trust dialog
EPSS
Процентиль: 31%
0.00113
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-94