Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix check that did not append a trailing path separator. A model steered by prompt injection could supply a crafted path that resolved to a sibling directory sharing the memory root's name as a prefix, allowing reads and writes outside the sandboxed memory directory. This issue has been patched in version 0.81.0.
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XAnthropic Claude Sdk For Typescript
APPAnthropic0.79.0 – 0.81.0 (bez)
Related vulnerabilities
Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applicat...
Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed cre...
The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions si...
The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions si...
In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree c...