
Bleon-Ethical

Researcher from GitHub, Inc.
#27743 of 53,632
9.2 total CVSS
Vulnerabilities · 1
PT-2026-21750
9.2
2026-02-24
Bleon Ethical · Api-Gateway-Deploy · CVE-2026-27208
**Name of the Vulnerable Software and Affected Versions**

bleon-ethical/api-gateway-deploy version 1.0.0

**Description**

The software is susceptible to an attack chain involving OS Command Injection and Privilege Escalation. Successful exploitation allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a container escape and unauthorized infrastructure modifications. The issue is related to insufficient input validation and insecure configurations.

**Recommendations**

Update to version 1.0.1, which includes fixes such as strict input sanitization and secure delimiters in the `entrypoint.sh` file, enforcement of a non-root user (`appuser`) in the Dockerfile, and mandatory security quality gates.