Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation
Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a settings file that sets ANTHROPIC_BASE_URL to an attacker-controlled endpoint and when the repository was opened, Claude Code would read the configuration and immediately issue API requests before showing the trust prompt, potentially leaking the user's API keys. Users on standard Claude Code auto-update have received this fix already. Users performing manual updates are advised to update to version 2.0.65, which contains a patch, or to the latest version.
Affected products
- ==< 2.0.65
Matching in nixpkgs
pkgs.claude-code
An agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster
pkgs.claude-code-acp
ACP-compatible coding agent powered by the Claude Code SDK
pkgs.claude-code-router
Tool to route Claude Code requests to different models and customize any request
pkgs.gnomeExtensions.claude-code-switcher
A GNOME shell extension for quickly switching Claude Code API providers with enhanced performance and reliability.
pkgs.vscode-extensions.anthropic.claude-code
Harness the power of Claude Code without leaving your IDE
pkgs.gnomeExtensions.claude-code-usage-indicator
Shows remaining time and usage percentage for Claude Code sessions in the top panel. Displays format like '3h 12m (30%)' showing both time remaining and percentage consumed. Automatically refreshes every 5 minutes.
Package maintainers
-
@malob Malo Bourgon <mbourgon@gmail.com>
-
@markus1189 Markus Hauck <markus1189@gmail.com>
-
@omarjatoi Omar Jatoi
-
@storopoli Jose Storopoli <jose@storopoli.com>
-
@Prince213 Sizhe Zhao <prc.zhao@outlook.com>
-
@honnip Jung seungwoo <me@honnip.page>
-
@xiaoxiangmoe ZHAO JinXiang <xiaoxiangmoe@gmail.com>