@anthropic-ai/claude-code: Claude Code: Information disclosure and file overwrite via insecure temporary file in /copy command
Summary
@anthropic-ai/claude-code: Claude Code: Information disclosure and file overwrite via insecure temporary file in /copy command. Red Hat rates this moderate (CVSS 6.8). Weakness: CWE-59.
- 2.1.128
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- Update Claude Code to version 2.1.128 or later, which uses randomized, UID-isolated temporary file paths with symlink protection. If updating is not immediately possible, avoid using the /copy command on multi-user systems where untrusted local users have access to /tmp.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.