Lucene search
K

4 matches found

Veracode
Veracode
added 2026/02/17 10:55 a.m.10 views

Command Validation Bypass

@anthropic-ai/claude-code is vulnerable to command validation bypass. The vulnerability is due to improper validation of piped sed operations with the echo command, which allows an attacker to bypass file write restrictions and write to sensitive directories when the “accept edits” feature is...

7.7CVSS5.6AI score0.00264EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.6 views

Claude Code 操作系统命令注入漏洞

Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code prior to 2.0.55 contained a vulnerability related to operating system command injection. This vulnerability stemmed from insufficient validation of commands that utilized the echo...

7.7CVSS5.8AI score0.00264EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.11 views

PT-2026-6862

Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope. Exploiting this require...

7.7CVSS5.7AI score0.00264EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.9 views

Node.js security vulnerabilities

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. Versions 20, 22, 24, and 25 of Node.js contain security vulnerabilities. These vulnerabilities stem from flaws in the permission model, which could allow attackers to bypass file system...

9.1CVSS7.1AI score0.01633EPSS
Exploits2References2
Rows per page
Query Builder