CVE-2026-31861

Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, The /api/user/git-config endpoint constructs shell commands by interpolating user-supplied gitName and gitEmail values into command strings passed to childprocess.exec. The...

CVE-2026-31861 Shell Command Injection in Git Routes [CloudCLI UI]

Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, The /api/user/git-config endpoint constructs shell commands by interpolating user-supplied gitName and gitEmail values into command strings passed to childprocess.exec. The...

CVE-2025-59041

Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with git config user.email. Prior to version 1.0.105, a maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog. User...

CVE-2025-59041 Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email

Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with git config user.email. Prior to version 1.0.105, a maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog. User...

Ubuntu 18.04 LTS / 20.04 LTS : Git regression (USN-5810-2)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5810-2 advisory. USN-5810-1 fixed vulnerabilities in Git. This update introduced a regression as it was missing some commit lines. This update fixes the problem. Tenab...

Debian: Security Advisory (DLA-1120-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : git (openSUSE-SU-2013:0380-1)

git imap-send was fixed to do SSL host verification. This can be disabled if necessary in the config file. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-170. The text descripti...

Debian Security Advisory DSA 1777-1 (git-core)

The remote host is missing an update to git-core announced via advisory DSA 1777-1. OpenVAS Vulnerability Test $Id: deb17771.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1777-1 git-core Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...