Primary

Context

Claude Code Arbitrary Code Execution Vulnerability via Malicious Git Email Configuration

Vulnerability

A vulnerability in Claude Code prior to version 1.0.105 allows for arbitrary code execution. This issue arises because, at startup, Claude Code executes a command based on the user's git configuration email. If the email is maliciously crafted, it can trigger code execution before the user has a chance to accept the workspace trust dialog. Users who have updated Claude Code through the standard auto-update process will have received the patch for this vulnerability. Those who update manually should upgrade to version 1.0.105 or the latest version.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the user's machine.

Remediation

Users performing manual updates are advised to update to version 1.0.105 or the latest version.

Added: Sep 10, 2025, 4:21 PM

Updated: Sep 10, 2025, 4:21 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.4

remediation

7.7

relevance

0.5

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.4

remediation

7.7

relevance

0.5

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Claude Code Arbitrary Code Execution Vulnerability via Malicious Git Email Configuration

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating