
"The vulnerability, revealed by AI security company Adversa, is that if Claude Code is presented with a command composed of more than 50 subcommands, then for subcommands after the 50th it will override compute-intensive security analysis that might otherwise have blocked some of them."
"The user, assuming that the block rules are still in effect, may unthinkingly authorize the action."
"Incredibly, the vulnerability is documented in the code, and Anthropic has already developed a fix for it, the tree-sitter parser, which is also in the code but not enabled in public builds that customers use."
A vulnerability in Claude Code allows a command composed of more than 50 subcommands to bypass security checks for the subcommands after the 50th. The flaw, identified by Adversa, means a user who assumes the block rules still apply may unknowingly authorize potentially harmful actions. The vulnerability is documented within the code, and Anthropic has already developed a fix, the tree-sitter parser, which is present in the code but not enabled in the public builds available to customers.
Read at InfoWorld