Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
User-controlled or unsanitized input is passed to a ProcessBuilder command. An attacker who can influence these values can inject and execute arbitrary system commands.
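The flagged pattern next to a hardened form, as an added example that is not code from this rule or its project. The `ping` use case (Linux-style `-c` flag), the class name and the host pattern are assumptions; `main` only prints the argument lists and starts no process.

```java
import java.util.List;
import java.util.regex.Pattern;

public class PingCommand {
    // Assumed policy: hostname or IPv4 literal only. The first character must be
    // alphanumeric, so the value can never be parsed as an option such as "-f".
    private static final Pattern HOST =
            Pattern.compile("^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$");

    // Flagged pattern: input is concatenated into a string that a shell parses,
    // so ';', '|', '&&', '$()' and backticks in 'host' become shell syntax.
    static ProcessBuilder vulnerable(String host) {
        return new ProcessBuilder("sh", "-c", "ping -c 1 " + host);
    }

    // Hardened: fixed program, no shell, input validated against an allow-list
    // pattern and passed as exactly one argv element.
    static ProcessBuilder hardened(String host) {
        if (host == null || !HOST.matcher(host).matches()) {
            throw new IllegalArgumentException("rejected host value");
        }
        return new ProcessBuilder("ping", "-c", "1", host);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a normal host, a shell metacharacter case,
        // and an option-like value (argument injection).
        List<String> samples =
                List.of("example.com", "example.com; echo INJECTED", "-f");
        for (String s : samples) {
            System.out.println("input:      " + s);
            System.out.println("vulnerable: " + vulnerable(s).command());
            try {
                System.out.println("hardened:   " + hardened(s).command());
            } catch (IllegalArgumentException e) {
                System.out.println("hardened:   " + e.getMessage());
            }
        }
    }
}
```

Dropping the shell removes metacharacter injection, but the validation is still needed: without it, an option-like value such as `-f` would reach the program as a flag.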
Impact
If exploited, an attacker could execute arbitrary commands on the server, potentially gaining unauthorized access, stealing data, or taking control of the system. This can lead to full system compromise and serious breaches of sensitive information.