Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40anthropic-ai/claude-code@2.1.79
Type npm
Namespace @anthropic-ai
Name claude-code
Version 2.1.79
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.1.84
Latest_non_vulnerable_version 2.1.84
Affected_by_vulnerabilities
0
url VCID-3jnt-txzp-hfd3
vulnerability_id VCID-3jnt-txzp-hfd3
summary
Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution
Claude Code used the git worktree `commondir` file when determining folder trust but did not validate its contents. By crafting a repository with a `commondir` file pointing to a path the victim had previously trusted, an attacker could bypass the trust dialog and immediately execute malicious hooks defined in `.claude/settings.json`. Exploiting this required the victim to clone a malicious repository and run Claude Code within it, and for the attacker to know or guess a path the victim had already trusted.

Users on standard Claude Code auto-update have received this fix already. Users performing manual updates are advised to update to the latest version.

Claude Code thanks [hackerone.com/masato_anzai](https://hackerone.com/masato_anzai) for reporting this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40068
reference_id
reference_type
scores
0
value 0.00125
scoring_system epss
scoring_elements 0.31321
published_at 2026-06-05T12:55:00Z
1
value 0.00136
scoring_system epss
scoring_elements 0.3327
published_at 2026-06-09T12:55:00Z
2
value 0.00136
scoring_system epss
scoring_elements 0.33317
published_at 2026-06-06T12:55:00Z
3
value 0.00136
scoring_system epss
scoring_elements 0.33281
published_at 2026-06-07T12:55:00Z
4
value 0.00136
scoring_system epss
scoring_elements 0.33249
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40068
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-q5hj-mxqh-vv77
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T14:50:01Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-q5hj-mxqh-vv77
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40068
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40068
4
reference_url https://github.com/advisories/GHSA-q5hj-mxqh-vv77
reference_id GHSA-q5hj-mxqh-vv77
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q5hj-mxqh-vv77
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@2.1.84
purl pkg:npm/%40anthropic-ai/claude-code@2.1.84
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@2.1.84
aliases CVE-2026-40068, GHSA-q5hj-mxqh-vv77
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3jnt-txzp-hfd3
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@2.1.79