Anthropic's Claude Code recently faced two issues: a source code leak and a critical vulnerability. The leak occurred when a debugging sourcemap for Claude Code v2.1.88 was mistakenly published, allowing researchers to reconstruct 512,000 lines of TypeScript code. Although the leak exposes operational insights, it does not include sensitive data such as model weights or customer information, implying minimal direct risk for users. However, it raises concerns that adversaries could create malicious replicas.
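The leak described above came from a source map shipped inside a published package. As an added example (not Anthropic's code or tooling), this pre-publish check flags shipped source maps and counts how many original sources each one embeds through the Source Map v3 `sourcesContent` field. The package contents and the names `auditPackage` and `embeddedSources` are constructed for illustration.

```javascript
// Constructed sample: the files a package would ship (path -> contents),
// e.g. gathered from the file list that `npm pack --dry-run` reports.
const inlineMap = Buffer.from(JSON.stringify({
  version: 3, sources: ["../src/b.ts"], sourcesContent: ["export const b = 2;"], mappings: ""
})).toString("base64");
const samplePackage = {
  "package.json": '{"name":"example-cli","version":"0.0.0"}',
  "dist/cli.js": "run();\n//# sourceMappingURL=cli.js.map\n",
  "dist/cli.js.map": JSON.stringify({
    version: 3, file: "cli.js", sources: ["../src/cli.ts", "../src/auth.ts"],
    sourcesContent: ["const x: number = 1;", null], mappings: "AAAA"
  }),
  "dist/b.js": "b();\n//# sourceMappingURL=data:application/json;base64," + inlineMap + "\n",
  "dist/c.js": "c();\n",
};

// Count original sources whose full text is embedded in a Source Map v3 object.
function embeddedSources(mapText) {
  let map;
  try { map = JSON.parse(mapText); } catch { return null; } // not a JSON source map
  if (!map || !Array.isArray(map.sources)) return null;
  const contents = Array.isArray(map.sourcesContent) ? map.sourcesContent : [];
  return { total: map.sources.length, embedded: contents.filter((c) => typeof c === "string").length };
}

// Flag every shipped file that is, carries, or points to a source map.
function auditPackage(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (path.endsWith(".map")) {
      const info = embeddedSources(text);
      if (info) findings.push({ path, kind: "map-file", ...info });
      continue;
    }
    if (!/\.[cm]?js$/.test(path)) continue; // only scripts carry the comment
    const m = /\/\/[#@]\s*sourceMappingURL=(\S+)/.exec(text);
    if (!m) continue;
    const inline = /^data:application\/json[^,]*;base64,(.+)$/.exec(m[1]);
    if (inline) {
      const info = embeddedSources(Buffer.from(inline[1], "base64").toString("utf8"));
      if (info) findings.push({ path, kind: "inline-map", ...info });
    } else {
      findings.push({ path, kind: "map-reference", target: m[1] });
    }
  }
  return findings;
}

console.log(auditPackage(samplePackage));
```

A release pipeline can fail the build whenever a finding reports `embedded` greater than zero, since those maps contain the original source text verbatim.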
Separately, Adversa AI discovered a critical vulnerability in Claude Code that affects its permission system. The bug allows manipulation of the deny rules that are intended to prevent unauthorized command execution. If an attacker uses a crafted prompt to create lengthy command pipelines, they can bypass security checks, risking the exfiltration of sensitive credentials. Despite some defensive measures by Claude's LLM safety layer, the underlying vulnerability in the permission system poses a significant threat.