[@google/clasp] @google/clasp vulnerable to unsafe path traversal cloning or pulling a malicious script

**[@google/clasp] @google/clasp vulnerable to unsafe path traversal cloning or pulling a malicious script**

Impact Allows an attacker to perform a "Path Traversal" attack to modify files outside the projects directory, potentially allowing for running attacker code on the developer's machine. Patches Fixed in version 3.2.0 Workarounds Only clone or pull scripts from trusted sources Review the output of the pull and clone commands to verify only expected project files are modified References https://github.com/google/clasp/security/advisories/GHSA-hqjg-pww4-pcgq https://nvd.nist.gov/vuln/detail/CVE-2026-4092 https://github.com/google/clasp/pull/1109 https://github.com/google/clasp/commit/ba6bd666fe74de54950122b5d92ecf1dcc02a9d3 https://github.com/google/clasp/releases/tag/v3.2.0 https://github.com/advisories/GHSA-hqjg-pww4-pcgq

---

**[devsupporter 해설]**

이 기사는 GitHub Security Advisories에서 제공하는 최신 개발 동향입니다. 관련 도구나 기술에 대해 더 알아보시려면 원본 링크를 참고하세요.