41 matches found
CVE-2026-45136 claude-code-cache-fix: Local code execution via Python triple-quote injection in tools/quota-statusline.sh
claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...
CVE-2026-45136
Claude Code cache proxy claude-code-cache-fix is vulnerable to local code execution due to a Python triple-quote injection in tools/quota-statusline.sh. From v3.5.0–v3.5.1, user-controlled payloads can embed a ''' sequence which closes the Python literal and executes subsequent bytes in the user’...
CVE-2026-45136 claude-code-cache-fix: Local code execution via Python triple-quote injection in tools/quota-statusline.sh
claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...
CVE-2026-45136
claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...
NPM: claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh
NPM: claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh vulnerability discovered by ? in WordPress Npm claude-code-cache-fix versions = 3.5.0, 3.5.2...
GHSA-G3XQ-3GMV-QQ8G claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh
Summary tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user...
claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh
Summary tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user...
PT-2026-40724
Name of the Vulnerable Software and Affected Versions claude-code-cache-fix versions 3.5.0 through 3.5.1 Description The tools/quota-statusline.sh script interpolates the Claude Code hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled...
OESA-2026-2160 nano security update
Nano is a tiny GNU editor Security Fixes: A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which...
EUVD-2026-24708
A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault SEGV. This results in a Denial of Service...
CVE-2026-6843
A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault SEGV. This results in a Denial of Service...
CVE-2026-6843
A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault SEGV. This results in a Denial of Service...
CVE-2026-6843
CVE-2026-6843 affects the nano editor. A local user can trigger a format string vulnerability in the statusline() function by creating a directory whose name contains printf specifiers; nano attempts to display this name and may segfault, causing a Denial of Service. The vulnerability is document...
CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service
A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault SEGV. This results in a Denial of Service...
CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service
A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault SEGV. This results in a Denial of Service...
CVE-2026-6843
A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault SEGV. This results in a Denial of Service...
CVE-2026-6843
A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault SEGV. This results in a Denial of Service...
PT-2026-34312
Name of the Vulnerable Software and Affected Versions nano affected versions not specified Description A local user can cause a Denial of Service in the application by exploiting a format string flaw in the statusline function. This occurs when the application attempts to display a directory name...
Red Hat Enterprise Linux 格式化字符串错误漏洞
Red Hat Enterprise Linux is a Linux operating system for enterprise users developed by Red Hat, Inc. Red Hat Enterprise Linux 10 contains a vulnerability related to format string errors. This vulnerability stems from a flaw in the statusline function’s handling of format strings. Local users can...
Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2026-1539)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1539 advisory. Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault SEGV exist in Vim's swap file recovery logic. Both are caused b...