This repository was archived by the owner on Dec 11, 2025. It is now read-only.

prevent exploiting common env #1

@klml


os.environ[ postparam['key'] ] passes not only "secret" envs, but also normal envs (e.g. SSH_AGENT_PID=) to an attacker.

possible solutions

  • prefix
  • filter
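
The lookup described in this issue next to the two proposed mitigations, as an added example that is not code from this repository. The function names, the `WEBSECRET_` prefix, the allowlist entries and the sample environment are assumptions made for illustration.

```python
import os
import re

PREFIX = "WEBSECRET_"  # hypothetical namespace for values meant to be served
ALLOWED = frozenset({"DB_PASSWORD", "API_TOKEN"})  # hypothetical allowlist
_NAME = re.compile(r"[A-Z][A-Z0-9_]{0,63}")  # conservative variable-name shape


def lookup_unsafe(postparam, env=os.environ):
    # Pattern from the issue: the request picks any variable name,
    # so SSH_AGENT_PID, PATH, etc. are readable as well.
    return env[postparam["key"]]


def lookup_prefixed(postparam, env=os.environ, prefix=PREFIX):
    # "prefix": the server prepends the namespace itself, so a request can
    # only reach variables that were deliberately named prefix + key.
    key = postparam.get("key")
    if not isinstance(key, str) or not _NAME.fullmatch(key):
        return None
    return env.get(prefix + key)


def lookup_filtered(postparam, env=os.environ, allowed=ALLOWED):
    # "filter": only names on an explicit allowlist are readable.
    key = postparam.get("key")
    if not isinstance(key, str) or key not in allowed:
        return None
    return env.get(key)


# Constructed sample environment (not taken from a real system).
SAMPLE_ENV = {
    "SSH_AGENT_PID": "4242",
    "PATH": "/usr/bin",
    "API_TOKEN": "constructed-token",
    "WEBSECRET_API_TOKEN": "constructed-token",
}

if __name__ == "__main__":
    for name in ("API_TOKEN", "SSH_AGENT_PID"):
        req = {"key": name}
        print(name,
              "unsafe:", lookup_unsafe(req, SAMPLE_ENV),
              "prefixed:", lookup_prefixed(req, SAMPLE_ENV),
              "filtered:", lookup_filtered(req, SAMPLE_ENV))
```

Both mitigations return `None` for an unknown or disallowed name rather than raising, so a caller cannot distinguish "variable exists but is not exposed" from "variable does not exist".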
