While working on the superdesign project, I reviewed the dependency manifest and found that it uses a vulnerable version of @anthropic-ai/claude-code. During analysis, I discovered that the sandbox mechanism does not properly prevent symlink-based path traversal. A sandboxed process can create a symlink pointing outside the workspace, and when a write operation is performed, the system follows the symlink and writes to the external location without restriction.
CVE Report
CVE Link