"The ability to execute arbitrary commands through repository-controlled configuration files created severe supply chain risks, where a single malicious commit could compromise any developer working with the affected repository. Any contributor with commit access can modify these files. The researchers found that cloning and opening a malicious repository sometimes allowed them to bypass built-in safeguards and trigger hidden commands and execute malicious code."
"The three security vulnerabilities stem from Claude's design, which is intended to make it easier for development teams to collaborate. The AI coding tool enables this by embedding project-level configuration files (.claude/settings.json file) directly within repositories, so that when a developer clones a project, they automatically apply the same settings used by their teammates."
Check Point Software researchers discovered three security flaws in Claude Code that could enable attackers to execute arbitrary commands and steal API keys by injecting malicious configurations into repositories. The vulnerabilities stem from Claude's design, which stores project-level configuration files (.claude/settings.json) directly within repositories to facilitate team collaboration. When developers clone projects, these settings automatically apply. Any contributor with commit access can modify these files, potentially bypassing safeguards and triggering hidden commands. Anthropic issued fixes for all three flaws and CVEs for two. Researchers warn these vulnerabilities illustrate a broader supply chain threat as enterprises integrate AI coding tools into development processes, effectively creating new attack surfaces through configuration files.
#claude-code-security #supply-chain-vulnerabilities #remote-code-execution #ai-development-tools #repository-configuration-attacks
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]