21 matches found
Exploit for Code Injection in Anthropic Claude_Code
CVE-2025-59536 - the startup trust dialog implementation. Clau...
Arbitrary Code Execution
Claude Code is vulnerable to Arbitrary Code Execution. The vulnerability is due to Yarn plugin execution occurring before the startup trust dialog when running in a project using Yarn 3.0 or above, allowing malicious project plugins to execute code if a user launches Claude Code in an untrusted...
Exploit for Code Injection in Anthropic Claude_Code
CVE-2025-59536 - the startup trust dialog implementation. Clau...
Code Injection
@anthropic-ai/claude-code is vulnerable to code injection.The vulnerability is due to a flaw in the startup trust dialog that allows an attacker to trick the tool into executing untrusted project code before the user approves the dialog...
EUVD-2025-198179
Claude Code vulnerable to command execution prior to startup trust dialog...
Claude Code vulnerable to command execution prior to startup trust dialog
When using Claude Code with Yarn installed, Yarn config files can trigger code execution when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins and yarnPath could be executed prior to the user accepting the risks of working in an untruste...
GHSA-5HHX-V7F6-X7GV Claude Code vulnerable to command execution prior to startup trust dialog
When using Claude Code with Yarn installed, Yarn config files can trigger code execution when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins and yarnPath could be executed prior to the user accepting the risks of working in an untruste...
CVE-2025-65099 Claude Code vulnerable to command execution prior to startup trust dialog
Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...
CVE-2025-65099 Claude Code vulnerable to command execution prior to startup trust dialog
Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...
CVE-2025-65099 Claude Code vulnerable to command execution prior to startup trust dialog
Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...
CVE-2025-65099
CVE-2025-65099 – Claude Code pre‑startup trust bypass via Yarn 3.x plugins is raised for Claude Code prior to 1.0.39. The issue allowed code execution from a project directory by exploiting Yarn 3.0+ plugins before the startup trust dialog was accepted. Affected scenario required running Claude C...
PT-2025-47513
Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.39 Description Prior to version 1.0.39, Claude Code could be tricked into executing code contained in a project through Yarn plugins before the user accepted the startup trust dialog, when running on a machine...
Claude Code 代码注入漏洞
Claude Code is an open source proxy coding tool from Anthropic. A code injection vulnerability exists in Claude Code versions prior to 1.0.39, which stems from the possibility of executing project code via the yarn plugin without the user having to accept the startup trust dialog in Yarn 3.0 and...
EUVD-2025-32229
Malicious code in bioql PyPI...
Claude Code can execute commands prior to the startup trust dialog
Due to a bug in the startup trust dialog implementation, Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update...
GHSA-4FGQ-FPQ9-MR3G Claude Code can execute commands prior to the startup trust dialog
Due to a bug in the startup trust dialog implementation, Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update...
CVE-2025-59536 Claude Code's startup trust dialog could lead to Command Execution attack
Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires...
CVE-2025-59536 Claude Code's startup trust dialog could lead to Command Execution attack
Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires...
CVE-2025-59536
Claude Code (Anthropic) versions before 1.0.111 are vulnerable to code injection due to a flaw in the startup trust dialog. An attacker could trick a user into starting Claude Code in an untrusted project directory, causing code from that project to execute before the user accepts the startup tru...
PT-2025-40458
Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.111 Description Claude Code is an agentic coding tool that contains a bug in the startup trust dialog implementation. This flaw allows for code injection, where the tool can be tricked into executing code...