@siteboon/claude-code-ui is Vulnerable to Shell Command Injection in Git Routes
- Severity:
- High
Description
| Field | Value | |——-|——-| | Severity | High | | CVSS 3.1 | 8.
Recommendation
Update the @siteboon/claude-code-ui package to the latest compatible version. Followings are version details:
- Affected version(s): <= 1.23.0
- Patched version(s): 1.24.0
References
Related Issues
- @siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Injection - CVE-2026-31975
- Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule - CVE-2025-67750
- nadesiko3 vulnerable to OS Command Injection - CVE-2022-42496
- Parse Server vulnerable to LDAP injection via unsanitized user input in DN and group filter construction - CVE-2026-31828
- Tags:
- npm
- @siteboon/claude-code-ui
Anything's wrong? Let us know Last updated on March 11, 2026