Lucene search
+L

9 matches found

cvelist
cvelist
β€’added 2026/05/27 8:48 p.m.β€’50 views

CVE-2026-45136 claude-code-cache-fix: Local code execution via Python triple-quote injection in tools/quota-statusline.sh

claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...

8.6CVSS0.00188EPSS
Exploits1References3
vulnrichment
vulnrichment
β€’added 2026/05/27 8:48 p.m.β€’11 views

CVE-2026-45136 claude-code-cache-fix: Local code execution via Python triple-quote injection in tools/quota-statusline.sh

claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...

8.6CVSS5.9AI score0.00188EPSS
Exploits1References3
attackerkb
attackerkb
β€’added 2026/05/27 8:48 p.m.β€’12 views

CVE-2026-45136

claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...

8.6CVSS5.9AI score0.00188EPSS
Exploits1References4Affected Software1
cve
cve
β€’added 2026/05/27 8:48 p.m.β€’19 views

CVE-2026-45136

Claude Code cache proxy claude-code-cache-fix is vulnerable to local code execution due to a Python triple-quote injection in tools/quota-statusline.sh. From v3.5.0–v3.5.1, user-controlled payloads can embed a ''' sequence which closes the Python literal and executes subsequent bytes in the user’...

8.6CVSS5.9AI score0.00188EPSS
Exploits1References3Affected Software1
veracode
veracode
β€’added 2026/05/16 5:14 a.m.β€’7 views

Code Injection

claude-code-cache-fix is vulnerable to code injection. The vulnerability is due to tools/quota-statusline.sh directly interpolating Claude Code hook stdin payloads into a Python triple-quoted string literal without proper sanitization, which allows an attacker to inject a ''' sequence and execute...

8.6CVSS6.2AI score0.00188EPSS
Exploits1References2Affected Software1
patchstack
patchstack
β€’added 2026/05/13 3:31 p.m.β€’10 views

NPM: claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh

NPM: claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh vulnerability discovered by ? in WordPress Npm claude-code-cache-fix versions = 3.5.0, 3.5.2...

8.6CVSS6.2AI score0.00188EPSS
Exploits1References5Affected Software1
osv
osv
β€’added 2026/05/13 3:31 p.m.β€’6 views

GHSA-G3XQ-3GMV-QQ8G claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh

Summary tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user...

8.6CVSS6.3AI score0.00188EPSS
Exploits1References6
github
github
β€’added 2026/05/13 3:31 p.m.β€’13 views

claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh

Summary tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user...

8.6CVSS6.3AI score0.00188EPSS
Exploits1References6Affected Software1
ptsecurity
ptsecurity
β€’added 2026/05/13 12:0 a.m.β€’19 views

PT-2026-40724

Name of the Vulnerable Software and Affected Versions claude-code-cache-fix versions 3.5.0 through 3.5.1 Description The tools/quota-statusline.sh script interpolates the Claude Code hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled...

8.6CVSS5.9AI score0.00188EPSS
Exploits1References9
Rows per page
Query Builder