Improper Control of Dynamically-Managed Code Resources

| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-913: Improper Control of Dynamically-Managed Code Resources |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | Low |
| Likelihood Level | Low |

Description
The code uses a dynamically defined httptrace.ClientTrace, which means function code can be deserialized and executed during HTTP requests without clear visibility or control. This makes it harder to audit what code will run and increases the risk of unexpected behavior.
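
The contrast between a caller-supplied trace and a statically defined one, as an added example (not code from this page or from the rule's authors). The names `do`, `fetchDynamic`, `fetchStatic` and `demo`, and the local test server, are assumptions made for illustration.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httptrace"
	"sync"
)

func do(ctx context.Context, url string) error {
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
	if err != nil {
		return err
	}
	resp, err := http.DefaultClient.Do(req)
	if err == nil {
		resp.Body.Close()
	}
	return err
}

// Flagged shape: the hooks are whatever the caller passed in; nothing here shows what runs.
func fetchDynamic(url string, trace *httptrace.ClientTrace) error {
	return do(httptrace.WithClientTrace(context.Background(), trace), url)
}

// Preferred shape: a literal trace at the point of use, so every hook is reviewable here.
func fetchStatic(url string) (events []string, err error) {
	var mu sync.Mutex // hooks may fire on different goroutines
	record := func(e string) { mu.Lock(); defer mu.Unlock(); events = append(events, e) }
	err = do(httptrace.WithClientTrace(context.Background(), &httptrace.ClientTrace{
		GetConn: func(string) { record("GetConn") },
		GotConn: func(httptrace.GotConnInfo) { record("GotConn") },
	}), url)
	return
}

func demo() (hookRan bool, events []string, err error) {
	srv := httptest.NewServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	defer srv.Close() // local server constructed for this example
	hook := func(httptrace.GotConnInfo) { hookRan = true } // code chosen by the caller
	if err = fetchDynamic(srv.URL, &httptrace.ClientTrace{GotConn: hook}); err == nil {
		events, err = fetchStatic(srv.URL)
	}
	return
}
func main() { fmt.Println(demo()) }
```

`hookRan` comes back true because `fetchDynamic` ran a function it never saw, while `fetchStatic` can only ever run the two hooks written in its body.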
Impact
If exploited, attackers could inject or execute arbitrary code during HTTP requests, potentially leading to unauthorized actions, data exposure, or compromise of the application’s integrity. This undermines security by allowing code execution paths that are difficult to review or restrict.