Anthropic · Claude-Code · CVE-2026-40068
**Name of the Vulnerable Software and Affected Versions**
Claude Code versions 2.1.63 through 2.1.83
**Description**
The folder trust determination logic fails to validate the contents of the git worktree `commondir` file. An attacker can craft a malicious repository with a `commondir` file pointing to a path previously trusted by the victim. This allows the attacker to bypass the trust confirmation dialog and execute hooks defined in `.claude/settings.json`. Successful exploitation requires that the victim clone the malicious repository and run Claude Code inside it, and that the attacker know or guess a trusted path on the victim's system.
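The missing validation, as an added example that is not Claude Code's own implementation: a folder-trust resolver that follows the worktree `commondir` pointer but only inherits trust when the named main repository also registers this worktree under `.git/worktrees/*/gitdir` (a bidirectional link a cloned repository cannot forge). Function names and the `strict` flag are assumptions made here for illustration.

```python
# Added example (not Claude Code's code); helper names are assumptions.
from pathlib import Path
from typing import Optional


def _pointer(path: Path, prefix: str = "") -> Optional[Path]:
    """Read a one-line git pointer file such as `.git` or `commondir`."""
    try:
        line = path.read_text().strip()
    except OSError:
        return None
    if prefix and not line.startswith(prefix):
        return None
    return Path(line[len(prefix):].strip())


def git_dir(worktree: Path) -> Optional[Path]:
    """Locate the gitdir: `.git` is a directory or a `gitdir: <path>` file."""
    dotgit = worktree / ".git"
    if dotgit.is_dir():
        return dotgit
    target = _pointer(dotgit, "gitdir:")
    return (worktree / target).resolve() if target else None


def claimed_main_root(worktree: Path) -> Optional[Path]:
    """Main repo root named by `commondir`; in a cloned repo this is attacker-controlled."""
    gd = git_dir(worktree)
    common = _pointer(gd / "commondir") if gd else None
    return (gd / common).resolve().parent if common else None


def backlink_ok(worktree: Path, main_root: Path) -> bool:
    """The trusted repo must register us: <main>/.git/worktrees/*/gitdir -> our .git."""
    ours = (worktree / ".git").resolve()
    for entry in (main_root / ".git" / "worktrees").glob("*/gitdir"):
        back = _pointer(entry)
        if back and back.resolve() == ours:
            return True
    return False


def is_trusted(worktree: Path, trusted: set, strict: bool = True) -> bool:
    """Trust decision; strict=False mirrors the flawed logic (commondir taken at face value)."""
    worktree = worktree.resolve()
    if worktree in trusted:
        return True
    main_root = claimed_main_root(worktree)
    if main_root is None or main_root not in trusted:
        return False
    return backlink_ok(worktree, main_root) if strict else True
```

With `strict=True` a clone whose `commondir` merely names a trusted path is refused, because the trusted repository's `worktrees/` entries do not point back at it.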
**Recommendations**
Update to version 2.1.84.