Utopia Tech
Security · AI-assisted · 1 min read

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

A critical vulnerability was discovered in Anthropic's Claude Code GitHub Action that allowed attackers to hijack public repositories through a single malicious GitHub issue. The flaw was particularly severe because Anthropic's own action repository used the vulnerable workflow, potentially enabling supply chain attacks affecting all downstream projects using the action.

Utopia Tech

June 4, 2026 · 1 min read

A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack could have pushed malicious code into the action itself and onto the projects downstream that pull it. RyotaK of GMO

Originally published at thehackernews.com
