vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-01 21:30:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
spawn/sh/e2e/lib/clouds
History
A de732fa695
fix: prevent command injection in _sprite_exec via stdin piping (#2329) 
Pipe the command via stdin to bash instead of embedding it in a bash -c
string. This eliminates shell injection risk from unquoted cmd parameter,
consistent with _sprite_exec_long in the same file and other cloud drivers.

Fixes #2327

Agent: security-auditor

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-08 06:44:19 -04:00
..
aws.sh fix: replace base64 interpolation with stdin piping in all cloud exec_long functions (#2290) 2026-03-07 14:09:15 -05:00
digitalocean.sh fix: replace base64 interpolation with stdin piping in all cloud exec_long functions (#2290) 2026-03-07 14:09:15 -05:00
gcp.sh fix: replace base64 interpolation with stdin piping in all cloud exec_long functions (#2290) 2026-03-07 14:09:15 -05:00
hetzner.sh fix: replace base64 interpolation with stdin piping in all cloud exec_long functions (#2290) 2026-03-07 14:09:15 -05:00
sprite.sh fix: prevent command injection in _sprite_exec via stdin piping (#2329) 2026-03-08 06:44:19 -04:00