CNNVD-202511-2168 Information
Nov 19, 2025
cve
CNNVD ID
CNNVD-202511-2168
Related CVE
-
CNNVD Published: 2025-11-19
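Description (translated from Chinese)
Claude Code is an agentic coding tool open-sourced by Anthropic. Versions of Claude Code before 1.0.39 contain a code injection vulnerability. The vulnerability stems from the fact that, in Yarn 3.0 and later environments, project code may be executed through Yarn plugins without the user having accepted the startup trust dialog.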
Description (English)
Claude Code is an agentic coding tool open-sourced by Anthropic. Claude Code versions prior to 1.0.39 have a code injection vulnerability: in environments with Yarn 3.0 and above, project code can be executed through Yarn plugins before the user accepts the startup trust dialog.
Hazard Level
Medium
Vulnerability Type
Code injection
Affected Vendor
Anthropic
Published
2025-11-19
Last Modified
2026-02-24
References
https://github.com/anthropics/claude-code/security/advisories/GHSA-5hhx-v7f6-x7gv
Patch
https://www.claude.com/download