CNNVD-202508-1892 Information

CNNVD ID

CNNVD-202508-1892

Related CVE

CVE-2025-55284

• CNNVD Published: 2025-08-16

Description (Chinese)

Claude Code是Anthropic开源的一个代理编码工具。 Claude Code 1.0.4之前版本存在操作系统命令注入漏洞，该漏洞源于安全命令允许列表过于宽泛，可能导致未经确认的文件读取和网络传输。

Description (English)

Claude Code is a proxy coding tool for the Anthropic open source. There was a gap in the operating system command from the previous version of Claude Code 1.4, which stemmed from the security order allowed list being too broad, which could lead to unauthorized document reading and network transmission.

Hazard Level

High

Vulnerability Type

操作系统命令注入

Affected Vendor

Anthropic

Published

2025-08-16

Last Modified

2026-02-24

References

https://github.com/anthropics/claude-code/security/advisories/GHSA-x5gv-jw7f-j6xj https://nvd.nist.gov/vuln/detail/CVE-2025-55284

Patch

https://github.com/anthropics/claude-code