Hacker News
by clandad 340 days ago
Hard to believe they left such an obvious security hole open for 6 months. Any random PR can access environment variables? That's concerning for a project with 20k+ stars.
1 comment
dominikdoesdev 340 days ago
Yea, I'm not sure why the developer refuses to fix it. You can probably do a lot more than just read environment variables too.