Improper Control of Generation of Code (‘Code Injection’)
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-94: Improper Control of Generation of Code (‘Code Injection’) |
| OWASP | A03:2021 - Injection |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
User-supplied data is being executed as code within a sandbox environment without proper validation. This allows attackers to inject and run arbitrary code if user input is not carefully controlled.
Impact#
If exploited, an attacker could execute malicious code in the sandbox, potentially accessing sensitive information, escalating privileges, or disrupting application functionality. This could lead to data breaches or compromise the integrity of the application.