Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
| Property | |
|---|---|
| Language | java |
| Severity |  |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
User input taken directly from an HTTP request is being passed to system commands via ProcessBuilder or Runtime.exec without proper validation. This allows attackers to inject malicious commands into the operating system.
Impact#
If exploited, an attacker could execute arbitrary system commands on your server, potentially gaining full control, stealing data, or disrupting service. This can lead to data breaches, server compromise, and serious security incidents.