Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
This rule flags code that runs shell commands by passing dynamic or user-controlled data directly to a shell (e.g., `sh -c`, `bash -c`) through Scala's `sys.process` API. If that input is not properly neutralized, an attacker can inject arbitrary commands that the shell will execute with the privileges of the application.
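The flagged pattern next to its hardened form, as an added Scala example that is not part of the rule's own documentation; the `ArchiveListing` object, the `uploads/` directory and the `.tgz` filename allowlist are assumptions made for the illustration:

```scala
import scala.sys.process._
import java.nio.file.{Files, Path, Paths}

object ArchiveListing {
  // Vulnerable (assumed scenario): the user-controlled value is spliced into one
  // string that "sh -c" parses, so any shell metacharacters in `archiveName`
  // are interpreted by the shell rather than treated as part of a filename.
  def listVulnerable(archiveName: String): String =
    Seq("sh", "-c", s"tar -tzf uploads/$archiveName").!!

  // Only plain archive names are accepted: no slashes, no "..", no whitespace.
  private val SafeName = "^[A-Za-z0-9._-]+\\.tgz$".r
  private val UploadDir: Path = Paths.get("uploads").toAbsolutePath.normalize()

  // Hardened: no shell is involved at all. The program and each argument are
  // separate elements of the Seq, so sys.process hands them to the OS as an
  // argv array and nothing is ever parsed as shell syntax. The name is also
  // validated against the allowlist and resolved inside the upload directory.
  def listHardened(archiveName: String): Either[String, String] =
    archiveName match {
      case SafeName() =>
        val archive = UploadDir.resolve(archiveName).normalize()
        if (!archive.startsWith(UploadDir) || !Files.isRegularFile(archive))
          Left("archive not found")
        else
          Right(Seq("tar", "-tzf", archive.toString).!!)
      case _ =>
        Left("invalid archive name")
    }
}
```

Note that `!!` throws a `RuntimeException` when the process exits non-zero, so callers should expect that in addition to the `Left` cases shown here.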
Impact
An attacker could execute unauthorized system commands on your server, potentially stealing data, altering files, or taking control of the system. This could lead to data breaches, service outages, or full system compromise.