Malicious code in @wengine-ai/claude-code-router-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45e362000d036139e02a066a82ec157314a07796e0e855cdce184cc081ca4591 dist/index.js line 14 issues a fetch call to https://pub-0dc3e1677e894f07bbea11b17a29e032.r2.dev, an anonymous Cloudflare R2 bucket, and references...

CVE-2025-57755

claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper Cross-Origin Resource Sharing CORS configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could...

CVE-2025-57755

claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper Cross-Origin Resource Sharing CORS configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could...

CVE-2025-57755

CVE-2025-57755 concerns claude-code-router, where improper CORS configuration risks exposing user API keys or credentials to untrusted domains. The vulnerability affects the router’s cross-origin handling and could enable credential leakage, credential abuse, quota exhaustion, or access to sensit...

CVE-2025-57755 claude-code-router CORS. misconfiguration

claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper Cross-Origin Resource Sharing CORS configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could...

CVE-2025-57755 claude-code-router CORS. misconfiguration

claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper Cross-Origin Resource Sharing CORS configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could...

CVE-2025-57755 claude-code-router CORS. misconfiguration

claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper Cross-Origin Resource Sharing CORS configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could...

@cloudbase/cli (>=2.8.19 <=2.11.7) potentially affected by CVE-2025-57755 via @musistudio/claude-code-router (=1.0.36)

@musistudio/claude-code-router NPM version =1.0.36 is affected by a known vulnerability. The following packages have a transitive dependency on @musistudio/claude-code-router and may be impacted: - @cloudbase/cli =2.8.19, =2.11.7 Source cves: CVE-2025-57755 Source advisory:...

Claude Code Router 安全漏洞

Claude Code Router is an enhancement to the flexibility and customizability of Claude Code by musi individual developers. A security vulnerability exists in Claude Code Router versions prior to 1.0.34, which stems from a misconfiguration of cross-resource sharing that could lead to credential...

PT-2025-34244 · Anthropic · Claude-Code-Router

Name of the Vulnerable Software and Affected Versions: claude-code-router versions prior to 1.0.34 Description: claude-code-router is susceptible to a Cross-Origin Resource Sharing CORS misconfiguration. This allows potential exposure of user API Keys or equivalent credentials to unauthorized...