Product
Crabbox prior to v0.12.0 is vulnerable to environment variable exposure, allowing attackers with access to a malicious repository to forward local secrets into the remote command environment by exploiting overly permissive environment variable allowlisting and serializing sensitive environment variables into remote command execution, exposing credentials to the remote environment.