6 matches found
Claude Code 代码注入漏洞
Claude Code is an open source proxy coding tool from Anthropic. A code injection vulnerability exists in Claude Code versions prior to 1.0.39, which stems from the possibility of executing project code via the yarn plugin without the user having to accept the startup trust dialog in Yarn 3.0 and...
Arbitrary Code Execution
@anthropic-ai/claude-code is vulnerable to Arbitrary Code Execution. The vulnerability is due to the automatic execution of Yarn plugins when running yarn --version, which allows an attacker to bypass the directory trust dialog and execute code before the user confirms trust in the directory...
Missing Authorization
Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Missing Authorization via the...
Claude Code 安全漏洞
Claude Code is an open source proxy coding tool from Anthropic. A security vulnerability exists in versions prior to Claude Code 1.0.39, which stems from the Yarn plugin auto-execution and could lead to bypassing the directory trust dialog...
Malicious code in yarn-plugin-backstage (npm)
The package yarn-plugin-backstage was found to contain malicious code...
MAL-2025-46785 Malicious code in yarn-plugin-backstage (npm)
The package yarn-plugin-backstage was found to contain malicious code...