Nixpkgs security tracker
Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions
Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope. Exploiting this required the ability to execute commands through Claude Code with the "accept edits" feature enabled. This issue has been patched in version 2.0.55.
References
Affected products
- ==< 2.0.55
Matching in nixpkgs
pkgs.claude-code
Agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster
pkgs.claude-code-acp
ACP-compatible coding agent powered by the Claude Code SDK
pkgs.claude-code-bin
Agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster
pkgs.claude-code-router
Tool to route Claude Code requests to different models and customize any request
pkgs.gnomeExtensions.claude-code-switcher
A GNOME shell extension for quickly switching Claude Code API providers with enhanced performance and reliability.
pkgs.vscode-extensions.anthropic.claude-code
Harness the power of Claude Code without leaving your IDE
pkgs.gnomeExtensions.claude-code-usage-indicator
Shows remaining time and usage percentage for Claude Code sessions in the top panel. Displays format like '3h 12m (30%)' showing both time remaining and percentage consumed. Automatically refreshes every 5 minutes.
Package maintainers
-
@markus1189 Markus Hauck <markus1189@gmail.com>
-
@omarjatoi Omar Jatoi
-
@malob Malo Bourgon <mbourgon@gmail.com>
-
@storopoli Jose Storopoli <jose@storopoli.com>
-
@Prince213 Sizhe Zhao <prc.zhao@outlook.com>
-
@honnip Jung seungwoo <me@honnip.page>
-
@xiaoxiangmoe ZHAO JinXiang <xiaoxiangmoe@gmail.com>
-
@mirkolenz Mirko Lenz <mirko@mirkolenz.com>