Executive Summary

The vulnerability exists in the Claude SDK for Python versions from 0.86.0 up to but not including 0.87.0. The local filesystem memory tool created memory files with permissions set to 0o666, which means these files were world-readable and potentially world-writable depending on the system's umask settings. On shared hosts, this allowed local attackers to read persisted agent state data. In containerized environments, such as Docker, attackers could modify these memory files, potentially influencing the behavior of subsequent model operations. Both synchronous and asynchronous memory tool implementations were affected. This issue was fixed in version 0.87.0.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by exposing sensitive persisted agent state data to unauthorized local users on shared systems, compromising confidentiality. In containerized deployments, attackers could modify memory files, potentially altering the behavior of the AI model, which could lead to incorrect or malicious outputs. This could undermine the integrity and reliability of applications using the affected SDK versions.

Useful 0 Not Useful 0

Mitigation Strategies

The vulnerability has been patched in version 0.87.0 of the Claude SDK for Python. To mitigate this vulnerability, you should upgrade the Anthropic Python SDK to version 0.87.0 or later.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows local attackers on shared hosts to read persisted agent state files that are world-readable and, in containerized environments with permissive umasks, to modify these files. This exposure of potentially sensitive data could lead to unauthorized access to information, which may conflict with data protection requirements in standards like GDPR and HIPAA that mandate strict controls over personal and sensitive data.

By leaving memory files world-readable and potentially world-writable, the vulnerability increases the risk of data leakage and unauthorized data modification, which could undermine compliance with confidentiality and integrity requirements in these regulations.

The issue has been patched in version 0.87.0, so updating to this version or later is necessary to mitigate these compliance risks.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves the creation of memory files with insecure permissions (mode 0o666) by the local filesystem memory tool in the Anthropic Python SDK versions 0.86.0 to before 0.87.0. To detect this vulnerability on your system, you can check for files created by the Anthropic Claude SDK memory tool that have world-readable or world-writable permissions.

For example, you can use the following command to find files with permissions 666 (rw-rw-rw-) or more permissive in directories where the SDK might store memory files:

• find /path/to/sdk/memory/files -type f \( -perm 0666 -o -perm -o+w \) -ls

Replace "/path/to/sdk/memory/files" with the actual path where the Anthropic SDK stores its memory files. If you are unsure, you might search your filesystem for recently modified files with these permissions:

• find / -type f \( -perm 0666 -o -perm -o+w \) -mtime -30 -ls

This command lists files with world-readable or writable permissions modified in the last 30 days, which might help identify vulnerable files.

Additionally, verifying the installed version of the Anthropic Claude SDK can help confirm if the vulnerability is present:

• pip show anthropic-claude-sdk

Ensure the version is 0.87.0 or later to have the patch applied.

Useful 0 Not Useful 0