CNNVD-202602-246 Information
Feb 03, 2026
cve
CNNVD ID
CNNVD-202602-246
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
Claude Code是Anthropic开源的一个代理编码工具。 Claude Code 2.0.74之前版本存在跨站脚本漏洞,该漏洞源于解析ZSH clobber语法时存在Bash命令验证缺陷,可能导致绕过目录限制并写入文件。
Description (English)
Claude Code is a proxy coding tool for the Anthropic open source. The pre-Claude Code 2.0.74 version has a cross-site script loophole, which stems from a Bash command verification defect when deconstructing ZSH clobber syntax, which may lead to circumventing directory limits and writing files.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Anthropic
Published
2026-02-03
Last Modified
2026-02-24
References
https://github.com/anthropics/claude-code/security/advisories/GHSA-q728-gf8j-w49r
Patch
https://github.com/anthropics/claude-code/releases
Share on: