Nicksim

Name of the Vulnerable Software and Affected Versions Claude SDK for TypeScript versions 0.79.0 through 0.80.9 Description The Claude SDK for TypeScript, used for accessing the Claude API in TypeScript and JavaScript applications, had a flaw in the local filesystem memory tool. Between versions 0.79.0 and before 0.81.0, the path validation process used a string prefix check that lacked a trailing path separator. This allowed a crafted path, supplied through prompt injection, to resolve to a directory outside the intended sandbox, potentially enabling unauthorized read and write access. Recommendations Update to version 0.81.0 or later.