1. Shell Injection Vulnerability in Chat Application Docker Entrypoint Exposes BACKEND_URL to Arbitrary Nginx Config Injection
A high-severity shell injection vulnerability has been identified in the Docker entrypoint script of a chat application's frontend Nginx container. The flaw, tracked in `src/chat-app/frontend/docker-entrypoint.sh` (lines 11–14), allows an attacker who controls the `BACKEND_URL` environment variable to inject arbitrary ...