Property: Value
Language: bash
Severity: medium
CWE: CWE-94: Improper Control of Generation of Code (‘Code Injection’)
OWASP: A03:2021 - Injection
Confidence Level: Low
Impact Level: High
Likelihood Level: Low

Description

This code contains hidden Unicode bidirectional (bidi) characters, which can make code appear differently to reviewers than how it actually executes. Attackers can use these characters to disguise malicious code or change logic flow in a way that’s hard to detect.
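The check below is an added example, not this rule's own implementation: it reports every explicit bidi control character in a script and rewrites the affected line with visible markers, so a reviewer sees the characters in their stored order. The character set follows Unicode UAX #9; the function names and the sample script are constructed for illustration.

```python
import unicodedata

# Explicit bidirectional formatting characters defined in Unicode UAX #9.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE RLE PDF LRO RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI RLI FSI PDI
    "\u200e", "\u200f", "\u061c",                      # LRM RLM ALM
}


def find_bidi(text):
    """Return (line_no, column, 'U+XXXX NAME') for each bidi control in text."""
    hits = []
    # Split on "\n" only, so line numbers match what an editor or diff shows.
    for line_no, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                label = f"U+{ord(ch):04X} {unicodedata.name(ch)}"
                hits.append((line_no, col, label))
    return hits


def reveal(line):
    """Rewrite a line with each bidi control shown as a visible <U+XXXX> marker."""
    return "".join(f"<U+{ord(c):04X}>" if c in BIDI_CONTROLS else c for c in line)


# Constructed sample: a short bash script whose third line carries bidi
# controls, written as escapes so they are visible in this source.
SAMPLE = (
    "#!/bin/bash\n"
    'role="$1"\n'
    'if [ "$role" = "user\u202e\u2066" ]; then  # \u2069\u2066admin check\n'
    "    echo granted\n"
    "fi\n"
)

if __name__ == "__main__":
    lines = SAMPLE.split("\n")
    for line_no, col, label in find_bidi(SAMPLE):
        print(f"line {line_no}, col {col}: {label}")
    for line_no in sorted({hit[0] for hit in find_bidi(SAMPLE)}):
        print(f"{line_no}: {reveal(lines[line_no - 1])}")
```

Running the same functions over files in a pre-commit hook or CI job, and failing on any hit, keeps these characters out of a repository that has no legitimate right-to-left text in its scripts.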

Impact

If exploited, an attacker could conceal harmful code or inject vulnerabilities that bypass code reviews, potentially leading to unauthorized code execution, data breaches, or system compromise. This can undermine code integrity and trust in the development process.