9 matches found
CVE-2026-45136 claude-code-cache-fix: Local code execution via Python triple-quote injection in tools/quota-statusline.sh
claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...
CVE-2026-45136
claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...
CVE-2026-45136 claude-code-cache-fix: Local code execution via Python triple-quote injection in tools/quota-statusline.sh
claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...
CVE-2026-45136
Claude Code cache proxy claude-code-cache-fix is vulnerable to local code execution due to a Python triple-quote injection in tools/quota-statusline.sh. From v3.5.0βv3.5.1, user-controlled payloads can embed a ''' sequence which closes the Python literal and executes subsequent bytes in the userβ...
Code Injection
claude-code-cache-fix is vulnerable to code injection. The vulnerability is due to tools/quota-statusline.sh directly interpolating Claude Code hook stdin payloads into a Python triple-quoted string literal without proper sanitization, which allows an attacker to inject a ''' sequence and execute...
NPM: claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh
NPM: claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh vulnerability discovered by ? in WordPress Npm claude-code-cache-fix versions = 3.5.0, 3.5.2...
GHSA-G3XQ-3GMV-QQ8G claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh
Summary tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user...
claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh
Summary tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user...
PT-2026-40724
Name of the Vulnerable Software and Affected Versions claude-code-cache-fix versions 3.5.0 through 3.5.1 Description The tools/quota-statusline.sh script interpolates the Claude Code hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled...