Claude Code Cache Fix Local Code Execution Vulnerability via Python Triple-Quote Injection

Vulnerability

A local code execution vulnerability has been identified in the Claude Code Cache Fix tool, affecting versions from 3.5.0 up to but not including 3.5.2. The issue is in the 'tools/quota-statusline.sh' script, which interpolates the hook's stdin payload directly into a Python triple-quoted string. A payload containing a specific byte sequence can therefore terminate the string literal, and what follows is executed as Python code. The vulnerability is reachable whenever the script is wired into the Claude Code statusLine configuration, the setup the tool's README recommends.

Impact

Exploitation of this vulnerability leads to arbitrary code execution in the user's Claude Code process, with the executed code running under the user's privileges. This allows access to the user's shell, files, SSH keys, and any locally available credentials. The injection occurs through the statusLine hook, which is triggered on every redraw, creating a persistent execution channel.

Reproduction

To reproduce this vulnerability, first create a directory whose name carries a payload crafted for the injection, such as a JSON string containing a command injection. Such a directory can land on the filesystem in several ways, for example inside an npm package or an extracted archive. Then change into that directory from the command line. On the next statusLine redraw, the 'tools/quota-statusline.sh' script interpolates the directory name into its Python source and the injected payload runs as Python code.

Remediation

Users can upgrade to Claude Code Cache Fix version 3.5.2, which addresses the vulnerability by modifying the 'tools/quota-statusline.sh' script to prevent the injection. Alternatively, users can remove the 'statusLine' entry from their Claude Code settings or replace the default quota statusline script with a version that does not use the vulnerable Python interpolation method.
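The safe pattern the remediation describes, treating the hook payload as data rather than as Python source, is shown below as an added example. It is not code from the Claude Code Cache Fix project and does not reproduce the project's script; the field names "cwd" and "model" are assumptions about the hook's JSON shape, and the sample payload is constructed. The first function is a defender-side check that tells whether a given value can be embedded in a triple-quoted template without changing the program; the second pair parses the payload with json.loads and only ever formats values into the output text.

```python
"""Statusline hook payload: template-safety check and a hardened handler.

Added example, not code from the Claude Code Cache Fix project. Field names
("cwd", "model") and the sample payload are constructed assumptions.
"""
import ast
import json
import sys

# The shape of the risky construction: an untrusted value dropped straight
# into a Python triple-quoted literal (assumed template, not the project's).
UNSAFE_TEMPLATE = 'cwd = """{value}"""\nprint(cwd)\n'


def template_is_safe_for(value: str) -> bool:
    """Return True only if embedding value into UNSAFE_TEMPLATE yields exactly
    the intended program: one assignment whose right-hand side is the literal
    value, followed by the print call. Any other parse (or a SyntaxError)
    means the value altered the program's structure or content."""
    try:
        tree = ast.parse(UNSAFE_TEMPLATE.format(value=value))
    except SyntaxError:
        return False
    if len(tree.body) != 2 or not isinstance(tree.body[0], ast.Assign):
        return False
    rhs = tree.body[0].value
    return isinstance(rhs, ast.Constant) and rhs.value == value


def parse_hook_payload(raw: bytes) -> dict:
    """Decode the hook's stdin as JSON and require a JSON object.
    The bytes are never concatenated into source code."""
    try:
        data = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError(f"hook payload is not valid JSON: {exc}") from exc
    if not isinstance(data, dict):
        raise ValueError("hook payload must be a JSON object")
    return data


def render_statusline(raw: bytes) -> str:
    """Build the status text from parsed fields. Values are formatted into
    the output string only, so quote characters in a directory name are
    just characters in the display."""
    data = parse_hook_payload(raw)
    cwd = str(data.get("cwd", "?"))
    model = str(data.get("model", "?"))
    return f"[{model}] {cwd}"


# Constructed sample payload: the directory name contains a triple-quote
# sequence, the byte sequence the advisory identifies as the trigger.
SAMPLE_PAYLOAD = rb'{"cwd": "/home/user/proj\"\"\" x", "model": "demo"}'


if __name__ == "__main__":
    # Read the hook payload from stdin, as a statusLine hook would receive it.
    print(render_statusline(sys.stdin.buffer.read()))
```

On the shell side, the wrapper should hand stdin through to the interpreter unchanged (for example `exec python3 "$HOME/.claude/statusline.py"`, a placeholder path) instead of expanding the payload inside a `python3 - <<EOF` heredoc; the check above also returns False for values with backslashes, since `\t` or `\n` in a directory name is silently reinterpreted as an escape sequence even when no triple quote is present.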

Added: May 28, 2026, 3:15 AM
Updated: May 28, 2026, 3:15 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 3.2
remediation: 0.0
relevance: 9.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.