GHSA-JCCR-RRW2-VC8H OpenClaw safeBins jq `$ENV` filter bypass allows environment variable disclosure
Summary The jq safe-bin policy blocked explicit env usage but still allowed jq programs that accessed environment data through $ENV. Impact An operator-approved safe-bin jq command could disclose environment variables that the safe-bin policy was supposed to keep out of scope. Affected Component...