CNNVD-202512-349 Information
Dec 03, 2025
cve
CNNVD ID
CNNVD-202512-349
Related CVE
- CNNVD Published: 2025-12-03
Description (Chinese)
Claude Code是Anthropic开源的一个代理编码工具。 Claude Code 1.0.93之前版本存在命令注入漏洞,该漏洞源于解析shell命令时存在错误,可能导致绕过只读验证和执行任意代码。
Description (English)
Claude Code is a proxy coding tool for the Anthropic open source. The previous version of Claude Code 1.0.93 had a command-infusion loophole, which stemmed from errors in the analysis of the shell command, which could lead to the circumvention of read-only authentication and the enforcement of arbitrary codes.
Hazard Level
Medium
Vulnerability Type
命令注入
Affected Vendor
Anthropic
Published
2025-12-03
Last Modified
2026-02-24
References
https://github.com/anthropics/claude-code/security/advisories/GHSA-xq4m-mc3c-vvg3
Patch
https://code.claude.com/docs/en/overview
Share on: