Vulnerability	Vulnerable Version
M Incorrect Permission Assignment for Critical Resource @anthropic-ai/sdk is a The official TypeScript library for the Anthropic API Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource in the `BetaLocalFilesystemMemoryTool` that creates memory files and directories using the Node.js default modes (`0o666` for files, `0o777` for directories). An attacker can access persisted agent state. In environments with a permissive umask (e.g. Docker, where umask is often `0o000`) the attacker can modify sensitive memory files to influence subsequent model behavior. How to fix Incorrect Permission Assignment for Critical Resource? Upgrade `@anthropic-ai/sdk` to version 0.91.1 or higher.	>=0.79.0 <0.91.1
M Directory Traversal @anthropic-ai/sdk is a The official TypeScript library for the Anthropic API Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied paths in the `memory` tool. An attacker can access or modify files outside the intended sandboxed directory by supplying a crafted path that bypasses the intended directory restrictions. How to fix Directory Traversal? Upgrade `@anthropic-ai/sdk` to version 0.81.0 or higher.	>=0.79.0 <0.81.0

Incorrect Permission Assignment for Critical Resource

@anthropic-ai/sdk is a The official TypeScript library for the Anthropic API

Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource in the BetaLocalFilesystemMemoryTool that creates memory files and directories using the Node.js default modes (0o666 for files, 0o777 for directories). An attacker can access persisted agent state. In environments with a permissive umask (e.g. Docker, where umask is often 0o000) the attacker can modify sensitive memory files to influence subsequent model behavior.

How to fix Incorrect Permission Assignment for Critical Resource?

Upgrade @anthropic-ai/sdk to version 0.91.1 or higher.

>=0.79.0 <0.91.1

Directory Traversal

@anthropic-ai/sdk is a The official TypeScript library for the Anthropic API

Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied paths in the memory tool. An attacker can access or modify files outside the intended sandboxed directory by supplying a crafted path that bypasses the intended directory restrictions.

How to fix Directory Traversal?

Upgrade @anthropic-ai/sdk to version 0.81.0 or higher.

>=0.79.0 <0.81.0

Go back to all versions of this package