Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Low |
Description
This code uses Deno.run() to execute system commands where part of the command comes from user input or a variable, instead of a fixed string. This allows attackers to inject malicious commands if the input is not properly sanitized.
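The flagged pattern beside a hardened form, as an added example that is not part of the original rule text. The DNS-lookup use case, the function names and the hostname allowlist are assumptions chosen for illustration.

```javascript
// Added example: names, the nslookup use case and the allowlist are assumptions.

// Allowlist for a hostname: letters, digits, dots, hyphens. The first
// character cannot be "-", so the value is never parsed as an option.
const HOSTNAME = /^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$/;

// VULNERABLE (the flagged pattern): input is concatenated into a string that
// a shell parses, so metacharacters in `host` become shell syntax.
function buildLookupUnsafe(host) {
  return { cmd: ["sh", "-c", "nslookup " + host], stdout: "piped" };
}

// HARDENED: fixed executable, no shell, validated input as its own argv entry.
function buildLookupSafe(host) {
  if (typeof host !== "string" || !HOSTNAME.test(host)) {
    throw new TypeError("invalid hostname");
  }
  return { cmd: ["nslookup", host], stdout: "piped" };
}

// Runs the hardened form. `run` defaults to Deno.run and can be replaced by a
// stub so the argument handling is testable without spawning a process.
async function lookup(host, run = globalThis.Deno?.run) {
  const proc = run(buildLookupSafe(host)); // throws before any process starts
  const raw = await proc.output();
  proc.close();
  return new TextDecoder().decode(raw);
}
```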
Impact
If exploited, an attacker could execute arbitrary commands on your server, potentially stealing data, modifying files, or taking control of the system. This can lead to major breaches, data loss, or full system compromise.