Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Cloning a Git repository using a URL that comes from untrusted input can allow attackers to inject and execute arbitrary shell commands on your system. This happens because Git supports special URL formats that can trigger shell execution.
Impact
If exploited, an attacker could run commands on your server with the same permissions as your application. This could lead to data theft, server compromise, or further attacks within your infrastructure.
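One way to guard the clone described above, as an added example that is not part of the original rule page: validate the URL against an allowlist, restrict the transports Git may use, and pass arguments as a list so no shell parses them. The host `git.example.com` and the function names are assumptions made for illustration.

```python
import subprocess
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}          # assumption: only HTTPS remotes are needed
ALLOWED_HOSTS = {"git.example.com"}  # assumption: placeholder host allowlist


def validate_clone_url(url: str) -> str:
    """Return url unchanged if it is acceptable, otherwise raise ValueError."""
    if not url or url != url.strip() or any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        raise ValueError("empty URL, surrounding whitespace or control characters")
    if url.startswith("-"):
        # git would parse this as a command-line option, not a repository
        raise ValueError("URL starts with '-'")
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        # also rejects scheme-less input and any special non-HTTPS URL format
        raise ValueError(f"scheme {parts.scheme!r} is not allowed")
    if parts.username is not None or parts.password is not None:
        raise ValueError("embedded credentials are not allowed")
    if parts.hostname not in ALLOWED_HOSTS:
        raise ValueError(f"host {parts.hostname!r} is not allowed")
    return url


def build_clone_command(url: str, dest: str) -> list[str]:
    """Build an argv list (never a shell string) for a restricted clone."""
    return [
        "git",
        "-c", "protocol.allow=never",         # deny every transport by default
        "-c", "protocol.https.allow=always",  # then allow HTTPS only
        "clone",
        "--",                                 # end of options
        validate_clone_url(url),
        dest,
    ]


def safe_clone(url: str, dest: str) -> None:
    # A list argv with the default shell=False means no shell parses the URL.
    subprocess.run(build_clone_command(url, dest), check=True, timeout=300)


if __name__ == "__main__":
    print(build_clone_command("https://git.example.com/team/repo.git", "repo"))
```
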