Homepage

claude-code-cache-fix@3.5.0

Cache optimization proxy and interceptor for Claude Code. Fixes prompt cache bugs, stabilizes prefix, reduces quota burn.

  • latest version

    3.9.0

  • latest non vulnerable version

    3.9.0

  • first published

    1 months ago

  • latest version published

    5 hours ago

  • licenses detected

  • View claude-code-cache-fix package health on Snyk  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the claude-code-cache-fix package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Arbitrary Code Injection

    claude-code-cache-fix is a Cache optimization proxy and interceptor for Claude Code. Fixes prompt cache bugs, stabilizes prefix, reduces quota burn.

    Affected versions of this package are vulnerable to Arbitrary Code Injection via the tools/quota-statusline.sh process. An attacker can execute arbitrary Python code in the user's process by introducing a specially crafted directory name containing a Python triple-quote sequence, which is then reflected into a Python string literal and executed. This is only exploitable if the statusLine configuration is enabled and wired to tools/quota-statusline.sh as recommended in the affected versions.

    How to fix Arbitrary Code Injection?

    Upgrade claude-code-cache-fix to version 3.5.2 or higher.

    >=3.5.0 <3.5.2
    Go back to all versions of this package