@siteboon/claude-code-ui is Vulnerable to Shell Command Injection in Git Routes
- Severity:
- High
Description
| Field | Value | |——-|——-| | Severity | High | | CVSS 3.1 | 8.
Recommendation
Update the @siteboon/claude-code-ui package to the latest compatible version. Followings are version details:
- Affected version(s): <= 1.23.0
- Patched version(s): 1.24.0
References
Related Issues
- @siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Injection - CVE-2026-31975
- claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh - CVE-2026-45136
- @elgentos/magento2-dev-mcp vulnerable to command injection - CVE-2026-5603
- lodash vulnerable to Code Injection via `_.template` imports key names - lodash-amd - CVE-2026-4800
You might also like:
- Tags:
- npm
- @siteboon/claude-code-ui
Anything's wrong? Let us know Last updated on March 11, 2026