3 points | by zack-eth 6 hours ago
1 comment
The handler is designed to refresh one session token. It accepts any environment variable.
To be clear: this is not a critical vulnerability. It is defense in depth.
Demo: https://asciinema.org/a/WRG8NjV5MjLcFxbh
PoC: `npx claude-code-audited`
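An added example, not part of the original post and not the audited tool's code: a refresh handler that applies every key it receives, next to one that only accepts the single variable it exists to update. The function names, the `SESSION_TOKEN` variable name and the sample messages are all assumptions constructed for illustration.

```javascript
// Added example: hypothetical names throughout, not the audited tool's code.
// SESSION_TOKEN is a constructed variable name standing in for the one
// value the refresh handler is meant to update.
const ALLOWED_KEYS = new Set(["SESSION_TOKEN"]);
const MAX_VALUE_LENGTH = 4096;

// Permissive shape described in the post: every key in the message is applied.
function applyEnvUpdatePermissive(env, update) {
  for (const [key, value] of Object.entries(update)) {
    env[key] = String(value);
  }
  return { applied: Object.keys(update), rejected: [] };
}

// Hardened shape: validate the whole message first, apply only if it is clean.
function applyEnvUpdateStrict(env, update) {
  const rejected = [];
  const entries = Object.entries(update);
  for (const [key, value] of entries) {
    if (!ALLOWED_KEYS.has(key)) {
      rejected.push({ key, reason: "key not allowlisted" });
    } else if (typeof value !== "string" || value.length === 0) {
      rejected.push({ key, reason: "value must be a non-empty string" });
    } else if (value.length > MAX_VALUE_LENGTH || /[\0\r\n]/.test(value)) {
      rejected.push({ key, reason: "value too long or has control characters" });
    }
  }
  if (entries.length === 0 || rejected.length > 0) {
    return { applied: [], rejected }; // nothing is written on any failure
  }
  for (const [key, value] of entries) env[key] = value;
  return { applied: entries.map(([key]) => key), rejected };
}

// Constructed refresh messages and a plain object standing in for process.env.
function demo() {
  const mixed = { SESSION_TOKEN: "tok-new", UNRELATED_SETTING: "x" };
  const loose = applyEnvUpdatePermissive({ SESSION_TOKEN: "tok-old" }, mixed);
  const env = { SESSION_TOKEN: "tok-old" };
  const blocked = applyEnvUpdateStrict(env, mixed);
  const tokenAfterBlocked = env.SESSION_TOKEN;
  const ok = applyEnvUpdateStrict(env, { SESSION_TOKEN: "tok-new" });
  return { loose, blocked, tokenAfterBlocked, ok, env };
}
```

The strict version rejects the whole message when any key is outside the allowlist, so a token refresh cannot carry other variables along with it.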