Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
The code builds external system commands from dynamic or user-influenced input and runs them with Scala’s Seq and sys.process. This allows attackers to inject malicious commands if the input is not properly sanitized or controlled.
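The flagged pattern next to a hardened form, as an added example that is not code from this rule or its project. It assumes `echo` as a stand-in for the external tool; the object name, function names and sample inputs are constructed for illustration.

```scala
import scala.sys.process._

// Added example: `echo` stands in for whatever external tool the application
// calls; all names and sample inputs below are constructed for illustration.
object OsCommandExample {

  // Flagged pattern: input is interpolated into a string that `sh -c` parses,
  // so shell metacharacters in `host` become part of the command line.
  def vulnerable(host: String): String =
    Seq("sh", "-c", s"echo checking $host").!!

  // Strict allow-list for a hostname: letters, digits, dots and hyphens only,
  // starting with an alphanumeric so the value cannot be read as an option.
  private val Hostname = "[A-Za-z0-9][A-Za-z0-9.-]{0,252}".r

  // Hardened form: validate first, then pass the value as its own argv
  // element with no shell in between, so it is never parsed as syntax.
  def hardened(host: String): Either[String, String] =
    if (Hostname.pattern.matcher(host).matches())
      Right(Seq("echo", "checking", host).!!)
    else
      Left(s"rejected input: '$host'")

  def main(args: Array[String]): Unit = {
    val benign  = "example.com"
    val hostile = "example.com; echo INJECTED" // constructed sample input

    // The shell treats everything after ';' as a second command.
    println(vulnerable(benign).trim)
    println(vulnerable(hostile).trim)

    // The same inputs through the validated, shell-free path.
    println(hardened(benign).map(_.trim))
    println(hardened(hostile))
  }
}
```

Passing the arguments as separate Seq elements removes shell parsing, and the allow-list additionally keeps the value from being interpreted as an option by the called program.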
Impact
If exploited, an attacker could execute arbitrary system commands on the server, potentially leading to data theft, data loss, unauthorized access, or full system compromise. This can result in severe breaches of confidentiality and integrity for your application and infrastructure.