Advisory Database
  • Advisories
  • Dependency Scanning
  1. npm
  2. ›
  3. @anthropic-ai/claude-code
  4. ›
  5. GHSA-ph6w-f82w-28w6

GHSA-ph6w-f82w-28w6: Claude Code Vulnerable to Arbitrary Code Execution Due to Insufficient Startup Warning

September 3, 2025

When Claude Code was started in a new directory, it displayed a warning asking, “Do you trust the files in this folder?”. This warning did not properly document that selecting “Yes, proceed” would allow Claude Code to execute files in the folder without additional confirmation. This may not have been clear to a user so we have updated the warning to clarify this functionality.

Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version.

Thank you to https://hackerone.com/avivdon for reporting this issue!

References

  • github.com/advisories/GHSA-ph6w-f82w-28w6
  • github.com/anthropics/claude-code
  • github.com/anthropics/claude-code/security/advisories/GHSA-ph6w-f82w-28w6

Code Behaviors & Features

Detect and mitigate GHSA-ph6w-f82w-28w6 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions before 1.0.87

Fixed versions

  • 1.0.87

Solution

Upgrade to version 1.0.87 or above.

Weakness

  • CWE-94: Improper Control of Generation of Code ('Code Injection')

Source file

npm/@anthropic-ai/claude-code/GHSA-ph6w-f82w-28w6.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Thu, 04 Sep 2025 12:20:43 +0000.