Описание
Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This vulnerability is fixed in 1.0.93.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.93 (исключая)
cpe:2.3:a:anthropic:claude_code:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 36%
0.00151
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-77
Связанные уязвимости
github
2 месяца назад
Claude Code Command Validation Bypass Allows Arbitrary Code Execution
EPSS
Процентиль: 36%
0.00151
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-77