From b5fd2a9ec46260e55ffd49aa68b2d0d4f9828707 Mon Sep 17 00:00:00 2001
From: Julien Voisin
Date: Thu, 16 Feb 2023 11:35:19 +0100
Subject: Add another burned vuln to the php7 rules

---
 config/default.rules | 1 +
 1 file changed, 1 insertion(+)

(limited to 'config')

diff --git a/config/default.rules b/config/default.rules
index 232197a..2fa77d5 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -44,6 +44,7 @@ sp.disable_function.function("mail").param("additional_parameters").value_r("\\-
 
 # Since it's now burned, me might as well mitigate it publicly
 sp.disable_function.function("putenv").param("setting").value_r("LD_").drop()
+sp.disable_function.function("putenv").param("setting").value("PATH").drop()
 
 # This one was burned in Nov 2019 - https://gist.github.com/LoadLow/90b60bd5535d6c3927bb24d5f9955b80
 sp.disable_function.function("putenv").param("setting").value_r("GCONV_").drop()
-- 
cgit v1.3