// Alert

Claude threat report

// ClaudeCRITICAL

GMO Flatt Security researcher disclosed critical vulnerabilities in Claude Code's GitHub Actions workflow that allow bypassing permission controls and compromising repositories. An attacker could inject malicious input through GitHub Issues or Pull Requests to exfiltrate secrets, execute arbitrary commands, and compromise repositories including Anthropic's own. Variants were actively exploited in the wild before disclosure. Anthropic patched the issues in version 1.0.94.

// Get alerts for Claude