Nixpkgs security tracker
Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection
Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protection and create or modify files without user confirmation. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window. This issue has been patched in version 2.0.57.
References
Affected products
- ==< 2.0.57
Matching in nixpkgs
pkgs.claude-code
Agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster
pkgs.claude-code-acp
ACP-compatible coding agent powered by the Claude Code SDK
pkgs.claude-code-bin
Agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster
pkgs.claude-code-router
Tool to route Claude Code requests to different models and customize any request
pkgs.gnomeExtensions.claude-code-switcher
A GNOME shell extension for quickly switching Claude Code API providers with enhanced performance and reliability.
pkgs.vscode-extensions.anthropic.claude-code
Harness the power of Claude Code without leaving your IDE
pkgs.gnomeExtensions.claude-code-usage-indicator
Shows remaining time and usage percentage for Claude Code sessions in the top panel. Displays format like '3h 12m (30%)' showing both time remaining and percentage consumed. Automatically refreshes every 5 minutes.
Package maintainers
-
@markus1189 Markus Hauck <markus1189@gmail.com>
-
@omarjatoi Omar Jatoi
-
@malob Malo Bourgon <mbourgon@gmail.com>
-
@storopoli Jose Storopoli <jose@storopoli.com>
-
@Prince213 Sizhe Zhao <prc.zhao@outlook.com>
-
@honnip Jung seungwoo <me@honnip.page>
-
@xiaoxiangmoe ZHAO JinXiang <xiaoxiangmoe@gmail.com>
-
@mirkolenz Mirko Lenz <mirko@mirkolenz.com>