Teknium 73a88a02fe fix(security): prevent shell injection in _expand_path via ~user path suffix (#2047) ...

echo was called with the full unquoted path (~username/suffix), allowing
command substitution in the suffix (e.g. ~user/$(malicious)) to execute
arbitrary shell commands. The fix expands only the validated ~username
portion via the shell and concatenates the suffix as a plain string.

Co-authored-by: Gutslabs <gutslabsxyz@gmail.com>

2026-03-23 16:00:34 -07:00

44 KiB

Raw Blame History

View Raw