Vulnerability Information
Vulnerability Title
Claude Code vulnerable to command execution prior to startup trust dialog
Vulnerability Description
Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked into executing code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a user to start Claude Code in an untrusted directory and to be using Yarn 3.0 or above. This issue has been patched in version 1.0.39.
CVSS Information
N/A
Vulnerability Type
Improper Control of Generation of Code (Code Injection)
Vulnerability Title
Claude Code Code Injection Vulnerability
Vulnerability Description
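Claude Code is an agentic coding tool open-sourced by Anthropic. Versions of Claude Code prior to 1.0.39 contain a code injection vulnerability. The vulnerability arises because, in environments with Yarn 3.0 or above, project code may be executed via yarn plugins without the user having accepted the startup trust dialog.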
CVSS Information
N/A
Vulnerability Type
N/A
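A pre-flight check for the condition the description relies on, added here as an example and not taken from the advisory or from Claude Code: it lists the plugins a directory asks Yarn to load, so an untrusted checkout can be reviewed before any tool is started in it. It assumes Yarn's `.yarnrc.yml` file and its top-level `plugins:` key (neither is named on this page); the function names and the sample file are constructed for illustration.

```python
from pathlib import Path

# Constructed sample .yarnrc.yml, not taken from any real project.
SAMPLE_YARNRC = """\
nodeLinker: node-modules
plugins:
  # project-supplied plugins
  - path: .yarn/plugins/plugin-example.cjs
    spec: "@yarnpkg/plugin-example"
  - ./tools/local-plugin.js
enableTelemetry: false
"""

def plugin_entries(yarnrc_text):
    """Return plugin paths declared under the top-level `plugins:` key."""
    entries, in_plugins = [], False
    for raw in yarnrc_text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace() and not line.startswith("-"):
            # A new top-level key starts or ends the plugins block.
            key, _, rest = line.partition(":")
            in_plugins = key.strip() == "plugins"
            if in_plugins and rest.strip():
                entries.append(rest.strip())  # inline (flow-style) list, kept raw
            continue
        if not in_plugins:
            continue
        item = line.strip()
        if item.startswith("- "):
            item = item[2:].strip()
        key, sep, value = item.partition(":")
        if not sep:
            entries.append(item.strip("'\""))  # bare string entry
        elif key.strip() == "path":
            entries.append(value.strip().strip("'\""))  # {path, spec} entry
    return entries

def project_yarn_plugins(project_dir):
    """Plugins a project directory asks Yarn to load; [] if it has no .yarnrc.yml."""
    rc = Path(project_dir) / ".yarnrc.yml"
    return plugin_entries(rc.read_text(encoding="utf-8")) if rc.is_file() else []

if __name__ == "__main__":
    import sys
    for entry in project_yarn_plugins(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("project-declared yarn plugin:", entry)
```

A non-empty result means the directory ships code that Yarn would load as a plugin; review those files before running tooling there, and upgrade Claude Code to 1.0.39 or later as the advisory states.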