漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email
Vulnerability Description
Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with `git config user.email`. Prior to version 1.0.105, a maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to version 1.0.105 or the latest version.
CVSS Information
N/A
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Claude Code 代码注入漏洞
Vulnerability Description
Claude Code是Anthropic开源的一个代理编码工具。 Claude Code 1.0.105之前版本存在代码注入漏洞,该漏洞源于git配置中的恶意用户邮箱可能导致任意代码执行。
CVSS Information
N/A
Vulnerability Type
N/A