diff --git a/expr_insecure.go b/expr_insecure.go
index b4b409a7a..0467570f9 100644
--- a/expr_insecure.go
+++ b/expr_insecure.go
@@ -24,7 +24,8 @@ func (m *UntrustedInputMap) findObjectProp(name string) (*UntrustedInputMap, boo
 if c, ok := m.Children[name]; ok {
 return c, true
 }
- if c, ok := m.Children["*"]; ok {
+ c, ok := m.Children["**"]
+ if name != "*" && ok {
 return c, true
 }
 }
@@ -137,7 +138,7 @@ var BuiltinUntrustedInputs = UntrustedInputSearchRoots{
 NewUntrustedInputMap("head_ref"),
 ),
 "env": NewUntrustedInputMap("env",
- NewUntrustedInputMap("*"),
+ NewUntrustedInputMap("**"),
 ),
 }
diff --git a/expr_insecure_test.go b/expr_insecure_test.go
index 60d2f1554..7b54a7f5d 100644
--- a/expr_insecure_test.go
+++ b/expr_insecure_test.go
@@ -54,7 +54,7 @@ func TestExprInsecureBuiltinUntrustedInputs(t *testing.T) {
 rec = func(m map[string]*UntrustedInputMap, path []string) {
 for k, v := range m {
 p := append(path, k)
- if k == "*" {
+ if k == "*" || k == "**" {
 if len(m) != 1 {
 t.Errorf("%v has * key but it also has other keys in %v", k, p)
 }
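Review bot: The new `name != "*"` guard in findObjectProp carries no comment explaining why a literal `*` lookup must skip the `**` child, and nothing on the visible lines records that `**` is now the "any property" key while a `*` child is only matched by exact name. Because this table drives untrusted-input detection, a `*` child added under the old assumption would silently stop matching arbitrary names, which is a false negative rather than a visible failure. I would document the convention at the lookup, e.g. `// "**" matches any property name; a literal "*" is excluded (presumably the filter syntax, handled elsewhere — confirm)`, and scope the variables as `if c, ok := m.Children["**"]; ok && name != "*" {`. A test that an `env.*` access is still reported by whichever path handles it would close the gap, since that path is not in this hunk. The function starts and ends outside the hunk.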
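Review bot: The failure message inside the widened `k == "*" || k == "**"` branch still hard-codes `*`, so a violation on a `**` key would print as "** has * key but it also has other keys", which misstates what was found; `t.Errorf("%v has wildcard key %q but it also has other keys", p, k)` reports the actual key. The visible test only checks the shape of the table, so no case here exercises the changed lookup itself, for example that a named `env` property still resolves through the `**` child. The `rec` closure continues outside the hunk.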