CNNVD-202509-3781 Information

CNNVD ID

CNNVD-202509-3781

Related CVE

CVE-2025-59828

• CNNVD Published: 2025-09-24

Description (Chinese)

Claude Code是Anthropic开源的一个代理编码工具。 Claude Code 1.0.39之前版本存在安全漏洞，该漏洞源于Yarn插件自动执行，可能导致绕过目录信任对话框。

Description (English)

Claude Code is a proxy coding tool for the Anthropic open source. The previous version of Claude Code 1.0.39 had a security loophole, which originated from the automatic execution of the Yarn plugin and could lead to circumventing the directory trust dialogue box.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Anthropic-experimental

Published

2025-09-24

Last Modified

2026-02-24

References

https://github.com/anthropics/claude-code/security/advisories/GHSA-2jjv-qf24-vfm4 https://access.redhat.com/security/cve/cve-2025-59828

Patch

https://github.com/anthropics/claude-code