漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Claude Code Has Permission Deny Bypass Through Symbolic Links
Vulnerability Description
Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file (such as /etc/passwd) and Claude Code had access to a symbolic link pointing to that file, it was possible for Claude Code to read the restricted file through the symlink without triggering deny rule enforcement. This issue has been patched in version 2.1.7.
CVSS Information
N/A
Vulnerability Type
CWE-61
Vulnerability Title
Claude Code 授权问题漏洞
Vulnerability Description
Claude Code是Anthropic开源的一个终端原生AI编程工具。 Claude Code 2.1.7之前版本存在授权问题漏洞,该漏洞源于通过符号链接访问文件时未能严格执行settings.json中配置的拒绝规则,可能导致读取受限制的文件。
CVSS Information
N/A
Vulnerability Type
N/A