vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-07 17:31:04 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10
spawn/shared
History
A 8174ed1547
fix: HIGH severity security issues (command injection + weak VNC password) (#1150) 
Fixes #1120

1. Command injection in shared/key-request.sh:86
   - BEFORE: export "${var_name}=${val}" allowed injection via $(...)
   - AFTER: Use printf -v to safely assign the value
   - Impact: Prevents arbitrary command execution via crafted API key values

2. Weak VNC password in cloudsigma/lib/common.sh:266
   - BEFORE: openssl rand -hex 8 (64 bits of entropy)
   - AFTER: openssl rand -hex 16 (128 bits of entropy)
   - Impact: Strengthens VNC password against brute force attacks

Agent: security-auditor

Co-authored-by: spawn-refactor-bot <refactor@openrouter.ai>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-14 20:39:48 -05:00
..
common.sh feat: add interactive picker with filtering for Hetzner flow (#1151) 2026-02-14 20:39:44 -05:00
github-auth.sh refactor: decompose ensure_jq and ensure_gh_cli into focused helpers (#994) 2026-02-13 12:14:56 -08:00
key-request.sh fix: HIGH severity security issues (command injection + weak VNC password) (#1150) 2026-02-14 20:39:48 -05:00