Количество 2
Количество 2
CVE-2025-66032
Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This vulnerability is fixed in 1.0.93.
GHSA-xq4m-mc3c-vvg3
Claude Code Command Validation Bypass Allows Arbitrary Code Execution
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-66032 Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This vulnerability is fixed in 1.0.93. | CVSS3: 9.8 | 0% Низкий | 2 месяца назад |
| GHSA-xq4m-mc3c-vvg3 Claude Code Command Validation Bypass Allows Arbitrary Code Execution | 0% Низкий | 2 месяца назад |
Уязвимостей на страницу