Nixpkgs security tracker
7.7 HIGH
- CVSS version (CVSS): 4.0
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Attack Requirement (AT): Present (P)
- Privileges Required (PR): None (N)
- User Interaction (UI): Passive (P)
- Vulnerable System Impact Confidentiality (VC): High (H)
- Vulnerable System Impact Integrity (VI): High (H)
- Vulnerable System Impact Availability (VA): High (H)
- Subsequent System Impact Confidentiality (SC): None (N)
- Subsequent System Impact Integrity (SI): None (N)
- Subsequent System Impact Availability (SA): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Attack Requirement (MAT): Present (P)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Passive (P)
- Modified Vulnerable System Impact Confidentiality (MVC): High (H)
- Modified Vulnerable System Impact Integrity (MVI): High (H)
- Modified Vulnerable System Impact Availability (MVA): High (H)
- Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
- Modified Subsequent System Impact Integrity (MSI): Negligible (N)
- Modified Subsequent System Impact Availability (MSA): Negligible (N)
- Safety (S): Not Defined (X)
- Automatable (AU): Not Defined (X)
- Recovery (R): Not Defined (X)
- Value Density (V): Not Defined (X)
- Vulnerability Response Effort (RE): Not Defined (X)
- Provider Urgency (U): Not Defined (X)
- Confidentiality Req. (CR): Not Defined (X)
- Integrity Req. (IR): Not Defined (X)
- Availability Req. (AR): Not Defined (X)
- Exploit Maturity (E): Not Defined (X)
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
6 packages
- claude-code-acp
- claude-code-router
- gnomeExtensions.claude-code-usage
- gnomeExtensions.claude-code-switcher
- vscode-extensions.anthropic.claude-code
- gnomeExtensions.claude-code-usage-indicator
- @LeSuisse accepted
- @LeSuisse published on GitHub
Claude Code: Sandbox Escape via Git Worktree Path Confusion Allows Unsandboxed Code Execution
Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor execution during worktree operations, an attacker could overwrite files in the user's home directory (such as .zshenv), leading to code execution outside of seatbelt sandbox restrictions. Reliably exploiting this required the user to clone a malicious repository containing prompt injection content and run Claude Code against it. This vulnerability is fixed in 2.1.163.
References
Affected products
- ==>= 2.1.38, < 2.1.163
Matching in nixpkgs
pkgs.claude-code
Agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster
Ignored packages (6)
pkgs.claude-code-acp
None
pkgs.claude-code-router
Tool to route Claude Code requests to different models and customize any request
pkgs.gnomeExtensions.claude-code-usage
Display Claude Code usage in the top panel. This extension uses anthropic.com services. This extension is not affiliated, funded, or in any way associated with Claude.
pkgs.gnomeExtensions.claude-code-switcher
A GNOME shell extension for quickly switching Claude Code API providers with enhanced performance and reliability.
pkgs.vscode-extensions.anthropic.claude-code
Harness the power of Claude Code without leaving your IDE
pkgs.gnomeExtensions.claude-code-usage-indicator
Shows remaining time and usage percentage for Claude Code sessions in the top panel. Displays format like '3h 12m (30%)' showing both time remaining and percentage consumed. Automatically refreshes every 5 minutes.
Package maintainers
-
@mirkolenz Mirko Lenz <mirko@mirkolenz.com>
-
@adeci Alex Decious <alex.decious@gmail.com>
-
@xiaoxiangmoe ZHAO JinXiang <xiaoxiangmoe@gmail.com>
-
@markus1189 Markus Hauck <markus1189@gmail.com>
-
@omarjatoi Omar Jatoi
-
@oskarwires Oskar <me@usbcable.io>
-
@malob Malo Bourgon <mbourgon@gmail.com>