The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade @anthropic-ai/claude-code to version 2.1.163 or higher.
@anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you.
Affected versions of this package are vulnerable to Symlink Attack in the handling of worktrees when interacting with repositories containing specially crafted symbolic links and directory names. An attacker can execute arbitrary code outside of sandbox restrictions by convincing a user to clone a malicious repository and run the application against its contents. This can result in the overwriting of configuration files in the user's home directory, such as .zshenv, leading to unauthorized code execution.