2 matches found
CVE-2026-46406 Claude Code: Insecure Temporary File in /copy Command Enables Response Disclosure and Symlink-Based File Write
Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...
CVE-2024-32152
CVE-2024-32152 affects Ankitects Anki 24.04’s LaTeX processing, where a specially crafted flashcard can bypass the blocklist and cause arbitrary file creation at a fixed path. The issue arises from the LaTeX blocklist bypass in the Anki LaTeX module, enabling an attacker to trigger file creation ...