Lucene search
K

21 matches found

GithubExploit
GithubExploit
added 2026/04/19 6:22 a.m.104 views

Exploit for Code Injection in Anthropic Claude_Code

CVE-2025-59536 - the startup trust dialog implementation. Clau...

8.8CVSS6AI score0.30227EPSS
Exploits6
Veracode
Veracode
added 2026/03/06 11:2 a.m.5 views

Arbitrary Code Execution

Claude Code is vulnerable to Arbitrary Code Execution. The vulnerability is due to Yarn plugin execution occurring before the startup trust dialog when running in a project using Yarn 3.0 or above, allowing malicious project plugins to execute code if a user launches Claude Code in an untrusted...

9.8CVSS6AI score0.00441EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2026/03/04 4:54 a.m.158 views

Exploit for Code Injection in Anthropic Claude_Code

CVE-2025-59536 - the startup trust dialog implementation. Clau...

8.8CVSS6.2AI score0.30227EPSS
Exploits6
Veracode
Veracode
added 2025/11/25 8:30 a.m.5 views

Code Injection

@anthropic-ai/claude-code is vulnerable to code injection.The vulnerability is due to a flaw in the startup trust dialog that allows an attacker to trick the tool into executing untrusted project code before the user approves the dialog...

8.8CVSS7.1AI score0.30227EPSS
Exploits6References2Affected Software1
EUVD
EUVD
added 2025/11/19 8:33 p.m.5 views

EUVD-2025-198179

Claude Code vulnerable to command execution prior to startup trust dialog...

7.7CVSS6.7AI score0.00441EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/11/19 8:33 p.m.20 views

Claude Code vulnerable to command execution prior to startup trust dialog

When using Claude Code with Yarn installed, Yarn config files can trigger code execution when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins and yarnPath could be executed prior to the user accepting the risks of working in an untruste...

9.8CVSS7.3AI score0.00441EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/11/19 8:33 p.m.7 views

GHSA-5HHX-V7F6-X7GV Claude Code vulnerable to command execution prior to startup trust dialog

When using Claude Code with Yarn installed, Yarn config files can trigger code execution when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins and yarnPath could be executed prior to the user accepting the risks of working in an untruste...

7.7CVSS7.2AI score0.00441EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/19 5:35 p.m.19 views

CVE-2025-65099 Claude Code vulnerable to command execution prior to startup trust dialog

Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...

7.7CVSS0.00441EPSS
Exploits0References1
OSV
OSV
added 2025/11/19 5:35 p.m.6 views

CVE-2025-65099 Claude Code vulnerable to command execution prior to startup trust dialog

Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...

7.7CVSS5.9AI score0.00441EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/19 5:35 p.m.5 views

CVE-2025-65099 Claude Code vulnerable to command execution prior to startup trust dialog

Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...

7.7CVSS7AI score0.00441EPSS
Exploits0References1
CVE
CVE
added 2025/11/19 5:35 p.m.32 views

CVE-2025-65099

CVE-2025-65099 – Claude Code pre‑startup trust bypass via Yarn 3.x plugins is raised for Claude Code prior to 1.0.39. The issue allowed code execution from a project directory by exploiting Yarn 3.0+ plugins before the startup trust dialog was accepted. Affected scenario required running Claude C...

9.8CVSS7.1AI score0.00441EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.5 views

PT-2025-47513

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.39 Description Prior to version 1.0.39, Claude Code could be tricked into executing code contained in a project through Yarn plugins before the user accepted the startup trust dialog, when running on a machine...

7.7CVSS6.8AI score0.00441EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/11/19 12:0 a.m.6 views

Claude Code 代码注入漏洞

Claude Code is an open source proxy coding tool from Anthropic. A code injection vulnerability exists in Claude Code versions prior to 1.0.39, which stems from the possibility of executing project code via the yarn plugin without the user having to accept the startup trust dialog in Yarn 3.0 and...

9.8CVSS7.2AI score0.00441EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-32229

Malicious code in bioql PyPI...

8.7CVSS6.6AI score0.30227EPSS
Exploits6References2
Github Security Blog
Github Security Blog
added 2025/10/03 2:16 p.m.6 views

Claude Code can execute commands prior to the startup trust dialog

Due to a bug in the startup trust dialog implementation, Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update...

8.8CVSS7.4AI score0.30227EPSS
Exploits6References3Affected Software1
OSV
OSV
added 2025/10/03 2:16 p.m.2 views

GHSA-4FGQ-FPQ9-MR3G Claude Code can execute commands prior to the startup trust dialog

Due to a bug in the startup trust dialog implementation, Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update...

8.7CVSS7.4AI score0.30227EPSS
Exploits6References3
Vulnrichment
Vulnrichment
added 2025/10/03 6:34 a.m.2 views

CVE-2025-59536 Claude Code's startup trust dialog could lead to Command Execution attack

Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires...

8.7CVSS7.2AI score0.30227EPSS
Exploits6References1
Cvelist
Cvelist
added 2025/10/03 6:34 a.m.9 views

CVE-2025-59536 Claude Code's startup trust dialog could lead to Command Execution attack

Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires...

8.7CVSS0.30227EPSS
Exploits6References1
CVE
CVE
added 2025/10/03 6:34 a.m.32 views

CVE-2025-59536

Claude Code (Anthropic) versions before 1.0.111 are vulnerable to code injection due to a flaw in the startup trust dialog. An attacker could trick a user into starting Claude Code in an untrusted project directory, causing code from that project to execute before the user accepts the startup tru...

8.8CVSS7.2AI score0.30227EPSS
Exploits6References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.4 views

PT-2025-40458

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.111 Description Claude Code is an agentic coding tool that contains a bug in the startup trust dialog implementation. This flaw allows for code injection, where the tool can be tricked into executing code...

8.8CVSS6.2AI score0.30227EPSS
Exploits6References78
Rows per page
Query Builder