Vulnerability Key Information Pull Request Title: Add blocklist of environment variables who could alter execution of plugins #3934 Merge Status: Merged Merge Date: Jul 19, 2024 Labels: Security, Server Related Vulnerabilities: - GHSA-3wf2-2pq4-4rvc - CVE-2024-41122 Key Commits: - Blacklist environment variables who could alter execution of plugins - Fix cSpell lint - Merge branch 'main' into evil-vars-on-snigulp Comments and Issues: - The reason and functionality of the code changes are unclear, raising concerns and questions during the merge process. - The security fix was implemented in a private repository, with some reviews and discussions not made public. Background Information: - This Pull Request was merged into the release branch before CI checks were completed. - Relevant details will be disclosed at a later time; currently, users must infer the fix content to ensure their security. ``` From the screenshot, it is evident that this commit addressed a security issue related to environment variables. However, specific details and context require further information for verification. Additionally, the rapid merge and use of a private repository have caused confusion and concern among some developers.