Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
The code runs external system commands using dynamic strings with sys.process (like command.! or command.!!), which can allow untrusted input to control the executed command. This makes the application vulnerable to command injection attacks.
Impact#
If exploited, an attacker could execute arbitrary system commands on the server, potentially gaining access to sensitive data, modifying files, or taking control of the system. This may lead to data breaches, service disruption, or a full system compromise.