Claude HUD
- <= 0.0.12
A vulnerability in Claude HUD versions through 0.0.12 allows OSC 8 terminal hyperlink injection. The application builds OSC 8 hyperlinks from the raw current working directory (cwd) and branch URL values without stripping control characters from the display text or percent-encoding the URI. An OSC 8 sequence is closed by the String Terminator (ESC followed by backslash), so a cwd or branch URL containing an ESC+backslash sequence ends the hyperlink early, and whatever follows is parsed by the terminal as ordinary escape sequences. An attacker who controls either value can therefore inject arbitrary ANSI codes into the terminal session: changing text colors, drawing a fake prompt, or writing to the clipboard via OSC 52. Because the link target is also taken from the raw value, clicking the injected hyperlink can send an outbound HTTP request to an attacker-controlled server.
Successful exploitation injects arbitrary ANSI codes into the victim's terminal session, which can be used to change text colors, create fake prompts, and write to the clipboard. It also causes an outbound HTTP request to an attacker-controlled server when the injected hyperlink is clicked.
To reproduce, create a Git branch name or a current working directory path that contains control characters, specifically an ESC+backslash sequence followed by the escape codes to inject. Then use that value in a context where Claude HUD renders it as an OSC 8 hyperlink, such as when Git status information is drawn in the terminal. The terminal interprets the injected codes as soon as the output is rendered. Note that Git itself rejects ASCII control characters in ref names (git check-ref-format), so in practice the directory path, or the URL value from which the branch link is built, is the carrier.
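The following is an added example, not Claude HUD's own code (the project's language and internal function names are not shown on this page, so it is written in plain JavaScript). It shows the unsafe construction described above, a hardened version that strips control bytes from the display text and percent-encodes the URI, and a check that a rendered hyperlink has exactly the four escape sequences it needs. The malicious cwd and URI values, the attacker.example host and the function names are all constructed for the example.

```javascript
// Added example, not Claude HUD's code. Shows why raw cwd/branch-URL values
// break an OSC 8 hyperlink, and one way to build the link safely.
const ESC = "\x1b";
const ST = ESC + "\\";   // String Terminator: ESC \ closes an OSC sequence
const BEL = "\x07";      // also accepted as an OSC terminator by most terminals
const CTRL_G = /[\x00-\x1f\x7f-\x9f]/g;   // C0 controls, DEL and C1 controls

// OSC 8 layout:  ESC ] 8 ; params ; URI  ST  text  ESC ] 8 ; ;  ST
// Vulnerable form: both values are interpolated untouched.
function osc8Unsafe(uri, text) {
  return `${ESC}]8;;${uri}${ST}${text}${ESC}]8;;${ST}`;
}

// Display text: remove every control byte so neither ESC nor BEL can start
// or end a sequence. Stripping ESC alone is not enough because BEL also
// terminates an OSC string.
function stripControls(s) {
  return s.replace(CTRL_G, "");
}

// URI: encodeURI percent-encodes control bytes, backslash and '[' but keeps
// ';', which OSC uses as its parameter separator, so encode that too.
// Restricting the scheme keeps an attacker-supplied value from becoming
// something other than a web or file link.
function encodeLinkUri(uri) {
  const enc = encodeURI(uri).replace(/;/g, "%3B");
  if (!/^(https?|file):\/\//.test(enc)) throw new Error("unsupported URI scheme");
  if (/[\x00-\x1f\x7f-\x9f]/.test(enc)) throw new Error("control byte survived encoding");
  return enc;
}

// Hardened form.
function osc8Safe(uri, text) {
  return `${ESC}]8;;${encodeLinkUri(uri)}${ST}${stripControls(text)}${ESC}]8;;${ST}`;
}

// Check: one well-formed hyperlink has exactly this shape, with no control
// bytes inside the URI or the text. Usable as a unit test or an output filter.
const WELL_FORMED =
  /^\x1b\]8;;([^\x00-\x1f\x7f-\x9f]*)\x1b\\([^\x00-\x1f\x7f-\x9f]*)\x1b\]8;;\x1b\\$/;
function isWellFormedOsc8(s) { return WELL_FORMED.test(s); }
function countEsc(s) { return (s.match(/\x1b/g) || []).length; }

// Constructed malicious inputs (not from a real incident):
// a cwd whose name ends the hyperlink early, writes "hello" to the clipboard
// through OSC 52, then switches the foreground to red and draws a fake prompt.
const EVIL_CWD = "/home/dev/proj" + ST + ESC + "]52;c;aGVsbG8=" + BEL + ESC + "[31m$ ";
// a branch URL that ends the hyperlink early and injects an SGR colour change.
const EVIL_URI = "https://attacker.example/" + ST + ESC + "[31m";

function demo() {
  const bad = osc8Unsafe(EVIL_URI, EVIL_CWD);
  const good = osc8Safe(EVIL_URI, EVIL_CWD);
  return {
    badEscCount: countEsc(bad),     // the 4 legitimate ESCs plus the 5 injected ones
    badWellFormed: isWellFormedOsc8(bad),
    goodEscCount: countEsc(good),   // exactly the 4 the link needs
    goodWellFormed: isWellFormedOsc8(good),
  };
}
```

In the hardened output the injected sequence survives only as inert printable residue in the link text (for example a literal backslash and "]52;c;..."), which is visible but cannot be interpreted by the terminal; the percent-encoded URI likewise carries no byte a terminal would act on.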
Users should update to a Claude HUD release newer than 0.0.12, in which this issue is fixed; every version up to and including 0.0.12 is affected.