Improper Control of Generation of Code (‘Code Injection’)
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-94: Improper Control of Generation of Code (‘Code Injection’) |
| OWASP | A03:2021 - Injection |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
Untrusted user input is being passed directly into the ‘sandbox’ library for code execution. This allows attackers to inject and run arbitrary code inside the sandbox, bypassing intended security controls.
Impact
If exploited, an attacker could execute malicious code on the server, potentially gaining access to sensitive data, manipulating application behavior, or compromising system integrity. This could lead to data breaches, service disruption, or further attacks on your infrastructure.