Lucene search
K

9 matches found

Cvelist
Cvelist
β€’added 2026/05/27 8:48 p.m.β€’50 views

CVE-2026-45136 claude-code-cache-fix: Local code execution via Python triple-quote injection in tools/quota-statusline.sh

claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...

8.6CVSS0.00188EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
β€’added 2026/05/27 8:48 p.m.β€’12 views

CVE-2026-45136

claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...

8.6CVSS5.9AI score0.00188EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
β€’added 2026/05/27 8:48 p.m.β€’10 views

CVE-2026-45136 claude-code-cache-fix: Local code execution via Python triple-quote injection in tools/quota-statusline.sh

claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...

8.6CVSS5.9AI score0.00188EPSS
Exploits1References3
CVE
CVE
β€’added 2026/05/27 8:48 p.m.β€’19 views

CVE-2026-45136

Claude Code cache proxy claude-code-cache-fix is vulnerable to local code execution due to a Python triple-quote injection in tools/quota-statusline.sh. From v3.5.0–v3.5.1, user-controlled payloads can embed a ''' sequence which closes the Python literal and executes subsequent bytes in the user’...

8.6CVSS5.9AI score0.00188EPSS
Exploits1References3Affected Software1
Veracode
Veracode
β€’added 2026/05/16 5:14 a.m.β€’7 views

Code Injection

claude-code-cache-fix is vulnerable to code injection. The vulnerability is due to tools/quota-statusline.sh directly interpolating Claude Code hook stdin payloads into a Python triple-quoted string literal without proper sanitization, which allows an attacker to inject a ''' sequence and execute...

8.6CVSS6.2AI score0.00188EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
β€’added 2026/05/13 3:31 p.m.β€’10 views

NPM: claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh

NPM: claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh vulnerability discovered by ? in WordPress Npm claude-code-cache-fix versions = 3.5.0, 3.5.2...

8.6CVSS6.2AI score0.00188EPSS
Exploits1References5Affected Software1
OSV
OSV
β€’added 2026/05/13 3:31 p.m.β€’6 views

GHSA-G3XQ-3GMV-QQ8G claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh

Summary tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user...

8.6CVSS6.3AI score0.00188EPSS
Exploits1References6
Github Security Blog
Github Security Blog
β€’added 2026/05/13 3:31 p.m.β€’13 views

claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh

Summary tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user...

8.6CVSS6.3AI score0.00188EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
β€’added 2026/05/13 12:0 a.m.β€’18 views

PT-2026-40724

Name of the Vulnerable Software and Affected Versions claude-code-cache-fix versions 3.5.0 through 3.5.1 Description The tools/quota-statusline.sh script interpolates the Claude Code hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled...

8.6CVSS5.9AI score0.00188EPSS
Exploits1References9
Rows per page
Query Builder