Environment variable injection occurs in an application when the application receives
data from a user or a third-party service and, without sanitizing it first, does the following:

* Creates an environment variable based on the external data.
* Inserts the external data into certain sensitive environment variables, such as `PATH` or `LD_PRELOAD`.

 If an application uses environment variables that are vulnerable to injection, it is exposed
 to a variety of attacks that aim to exploit supposedly safe environment variables, such as `PATH`.

A user with malicious intent carefully performs actions aimed at modifying or adding environment variables to profit from it.