CVE-2025-59041: Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email
At startup, Claude Code constructed a shell command that interpolated the value of `git config user.email` from the current workspace. If an attacker controlled the repository's Git config (e.g., via a malicious `.git/config`) and set `user.email` to a crafted payload, the unescaped interpolation could trigger arbitrary command execution before the user accepted the workspace-trust dialog. The issue affects versions prior to 1.0.105. The fix in 1.0.105 avoids executing commands built from untrusted configuration and properly validates/escapes inputs.

- Patches: Update to `@anthropic-ai/claude-code` 1.0.105 or later.
- Workarounds: Open only trusted workspaces and inspect the repository's `.git/config` before launch; avoid inheriting untrusted Git configuration values.
Thank you to the NVIDIA AI Red Team for reporting this issue!