Количество 2
Количество 2
CVE-2025-65099
Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a user to start Claude Code in an untrusted directory and to be using Yarn 3.0 or above. This issue has been patched in version 1.0.39.
GHSA-5hhx-v7f6-x7gv
Claude Code vulnerable to command execution prior to startup trust dialog
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-65099 Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a user to start Claude Code in an untrusted directory and to be using Yarn 3.0 or above. This issue has been patched in version 1.0.39. | CVSS3: 9.8 | 0% Низкий | 3 месяца назад |
| GHSA-5hhx-v7f6-x7gv Claude Code vulnerable to command execution prior to startup trust dialog | 0% Низкий | 3 месяца назад |
Уязвимостей на страницу