Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email
At startup, Claude Code constructed a shell command that interpolated the value of git config user.email from the current workspace. If an attacker controlled the repository’s Git config (e.g., via a malicious .git/config) and set user.email to a crafted payload, the unescaped interpolation could...
CVE-2025-59041
CVE-2025-59041 affects Claude Code, an agentic coding tool. At startup, Claude Code constructed a shell command interpolating the value of git config user.email, enabling arbitrary code execution if the configuration is maliciously crafted before the workspace trust dialog is accepted. The issue ...
CVE-2025-59041 Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email
Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with git config user.email. Prior to version 1.0.105, a maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog. User...
PT-2025-37056
Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 1.0.105
Description: Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with git config user.email. Prior to version 1.0.105, a maliciously configured user email in git...