BlockBeats News, July 8th - Recently, the Network Security Threat and Vulnerability Information Sharing Platform (NVDB) of the Ministry of Industry and Information Technology of China reported that a serious security vulnerability was found in the AI programming tool Claude Code.
Claude Code is an AI programming tool developed by the American company Anthropic, which can autonomously complete code writing, repair, and other tasks based on text requirements. Due to its built-in monitoring mechanism, it can transfer user's geographical location, identity, and other sensitive information to a remote server without user consent. The affected versions of Claude Code are from 2.1.91 to 2.1.196. It is recommended that relevant organizations and users immediately conduct a comprehensive investigation. For development terminals installed with the affected versions mentioned above, uninstall them immediately or upgrade to the latest secure version that has removed the backdoor code. Enhance control over outbound permissions of development tools in the core business network and implement traffic monitoring to prevent unauthorized external transmission of sensitive data.
