Skip to content

Potential Security Issue on Code Injection #196

Description

@nevercodecorrect

In code here, it eval an environment. A malicious local actor could set some values like export FETSIZE='os.system("touch rickroll")' to execute code.
This issue is similar to CVE-2022-2054.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions