Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Claude Code: Sandbox Escape via Git Worktree Path Confusion Allows Unsandboxed Code Execution
Vulnerability Description
Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor execution during worktree operations, an attacker could overwrite files in the user's home directory (such as .zshenv), leading to code execution outside of seatbelt sandbox restrictions. Reliably exploiting this required the user to clone a malicious repository containing prompt injection content and run Claude Code against it. This vulnerability is fixed in 2.1.163.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Anthropic Claude Code 路径遍历漏洞
Vulnerability Description
anthropics claude-code是anthropics的AI辅助编程工具。 Anthropic Claude Code 2.1.38版本至2.1.163之前版本存在安全漏洞,该漏洞源于工作树处理允许创建名为“.git”的工作树并导航到沙箱环境之外的工作树,导致git目录混淆攻击,通过利用符号链接操作和git fsmonitor执行,攻击者可以覆盖用户主目录中的文件,导致在seatbelt沙箱限制之外执行代码。
CVSS Information
N/A
Vulnerability Type
N/A