spawn

vrr/spawn

mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-22 03:14:57 +00:00

History

A fdf7a675b3 security: validate GCP username before su to prevent command injection (#1451 ) Fixes command injection vulnerability in cloud-init where unquoted $(logname 2>/dev/null \|\| echo "$USER") could allow shell metacharacters to be interpreted with root privileges. Fixes #1450 Agent: security-auditor Co-authored-by: B <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-18 23:20:27 -05:00
..
common.sh	security: validate GCP username before su to prevent command injection (#1451 )	2026-02-18 23:20:27 -05:00

security: validate GCP username before su to prevent command injection (#1451 )

Fixes command injection vulnerability in cloud-init where unquoted
$(logname 2>/dev/null || echo "$USER") could allow shell metacharacters
to be interpreted with root privileges.

Fixes #1450

Agent: security-auditor

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-02-18 23:20:27 -05:00

common.sh

security: validate GCP username before su to prevent command injection (#1451 )

2026-02-18 23:20:27 -05:00