[–] 0dd 7mo ago ↗ A full technical analysis with PoC video:https://oddguan.com/blog/anthropic-sandbox-cve-2025-66479/1. Docs promised empty allowedDomains = no network access but Actually disabled all restrictions (macOS + Linux) 2. No CVE for Claude Code, Compare: React & Next.js both got CVEs for RSC issue
1 comment
[ 2.3 ms ] story [ 13.1 ms ] threadhttps://oddguan.com/blog/anthropic-sandbox-cve-2025-66479/
1. Docs promised empty allowedDomains = no network access but Actually disabled all restrictions (macOS + Linux) 2. No CVE for Claude Code, Compare: React & Next.js both got CVEs for RSC issue