Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with `git config user.email`. Prior to version 1.0.105, a maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to version 1.0.105 or the latest version.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| @anthropic-ai/claude-code(npm) | 0 | 1.0.105 | N/A |
CVSS Metrics
