@siteboon/claude-code-ui 1.22.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the @siteboon/claude-code-ui package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Command Injection @siteboon/claude-code-ui is an A web-based UI for Claude Code CLI Affected versions of this package are vulnerable to Command Injection through the `authenticateWebSocket` process and unsanitized input in the WebSocket shell handler. An attacker can execute arbitrary operating system commands by forging a JWT token using a known default secret and sending crafted WebSocket messages containing malicious payloads. How to fix Command Injection? Upgrade `@siteboon/claude-code-ui` to version 1.25.0 or higher.	<1.25.0
H Arbitrary Command Injection @siteboon/claude-code-ui is an A web-based UI for Claude Code CLI Affected versions of this package are vulnerable to Arbitrary Command Injection in the handling of user-supplied parameters in multiple Git-related API endpoints, including `file`, `branch`, `message`, and `commit`, which are directly interpolated into shell command strings executed by the `execAsync` function. An attacker can execute arbitrary operating system commands with the privileges of the Node.js process by supplying specially crafted input containing shell metacharacters or command substitution syntax. How to fix Arbitrary Command Injection? Upgrade `@siteboon/claude-code-ui` to version 1.24.0 or higher.	<1.24.0
H Arbitrary Code Injection @siteboon/claude-code-ui is an A web-based UI for Claude Code CLI Affected versions of this package are vulnerable to Arbitrary Code Injection in the `git-config` endpoint due to improper sanitization of user-supplied input in shell command construction. An attacker can execute arbitrary OS commands as the server process user by injecting malicious values into the `gitName` or `gitEmail` parameters. How to fix Arbitrary Code Injection? Upgrade `@siteboon/claude-code-ui` to version 1.24.0 or higher.	<1.24.0

Vulnerability

Vulnerable Version

Command Injection

@siteboon/claude-code-ui is an A web-based UI for Claude Code CLI

Affected versions of this package are vulnerable to Command Injection through the authenticateWebSocket process and unsanitized input in the WebSocket shell handler. An attacker can execute arbitrary operating system commands by forging a JWT token using a known default secret and sending crafted WebSocket messages containing malicious payloads.

How to fix Command Injection?

Upgrade @siteboon/claude-code-ui to version 1.25.0 or higher.

<1.25.0

Arbitrary Command Injection

@siteboon/claude-code-ui is an A web-based UI for Claude Code CLI

Affected versions of this package are vulnerable to Arbitrary Command Injection in the handling of user-supplied parameters in multiple Git-related API endpoints, including file, branch, message, and commit, which are directly interpolated into shell command strings executed by the execAsync function. An attacker can execute arbitrary operating system commands with the privileges of the Node.js process by supplying specially crafted input containing shell metacharacters or command substitution syntax.

How to fix Arbitrary Command Injection?

Upgrade @siteboon/claude-code-ui to version 1.24.0 or higher.

<1.24.0

Arbitrary Code Injection

@siteboon/claude-code-ui is an A web-based UI for Claude Code CLI

Affected versions of this package are vulnerable to Arbitrary Code Injection in the git-config endpoint due to improper sanitization of user-supplied input in shell command construction. An attacker can execute arbitrary OS commands as the server process user by injecting malicious values into the gitName or gitEmail parameters.

How to fix Arbitrary Code Injection?

Upgrade @siteboon/claude-code-ui to version 1.24.0 or higher.

<1.24.0

@siteboon/claude-code-ui@1.22.0 vulnerabilities

A web-based UI for Claude Code CLI

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically