7 matches found
CVE-2026-31861
Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, The /api/user/git-config endpoint constructs shell commands by interpolating user-supplied gitName and gitEmail values into command strings passed to childprocess.exec. The...
CVE-2026-31861 Shell Command Injection in Git Routes [CloudCLI UI]
Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, The /api/user/git-config endpoint constructs shell commands by interpolating user-supplied gitName and gitEmail values into command strings passed to childprocess.exec. The...
CVE-2026-31861
CVE-2026-31861 affects Cloud CLI (Claude Code UI). The /api/user/git-config endpoint interpolates user-supplied gitName/gitEmail into shell commands executed via child_process.exec(), placing input inside double quotes with only " escaped. Bash will still interpret backticks, $() substitutions, a...
CVE-2026-31861 Shell Command Injection in Git Routes [CloudCLI UI]
Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, The /api/user/git-config endpoint constructs shell commands by interpolating user-supplied gitName and gitEmail values into command strings passed to childprocess.exec. The...
Cloud CLI 代码注入漏洞
Cloud CLI is a multi-model AI programming assistant desktop and mobile interface open-sourced by Siteboon. Versions of Cloud CLI prior to 1.24.0 contained a code injection vulnerability. This vulnerability stemmed from the /api/user/git-config endpoint constructing shell commands without properly...
Arbitrary Code Injection
Overview @siteboon/claude-code-ui is an A web-based UI for Claude Code CLI Affected versions of this package are vulnerable to Arbitrary Code Injection in the git-config endpoint due to improper sanitization of user-supplied input in shell command construction. An attacker can execute arbitrary O...
PT-2026-24752
Shell Command Injection in User Git Config Endpoint | Field | Value | |-------|-------| | Severity | High | | CVSS 3.1 | 8.8 High — when chained with VULN-01 | | CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' | | Attack Vector | Network | |...