| Property | Value |
|---|---|
| Language | javascript |
| Severity | medium |
| CWE | CWE-94: Improper Control of Generation of Code ('Code Injection') |
| OWASP | A03:2021 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |

Description

Untrusted user input is passed directly to the vm2 sandbox as code to be executed. Anyone who controls that input can therefore inject and run arbitrary code inside the sandbox, which is risky when the input is not properly validated or sanitized before use.
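As an added example, not from the rule page: the pattern the rule flags, beside a hardened version in which the script vm2 runs is fixed by the developer and the user's input arrives only as validated data on the sandbox object. The function names and the `quantity`/`unitPrice` fields are assumptions; `VM` is vm2's class, passed in by the caller as `require('vm2').VM`.

```javascript
// Added example, not from the rule page. Names are hypothetical. The vm2
// class is passed in by the caller (require('vm2').VM) so the helpers
// stay testable without the package installed.

// VULNERABLE: the request string becomes the program text itself, so whoever
// controls it chooses what runs inside the sandbox (CWE-94).
function buildUnsafeScript(userExpr) {
  return `const result = ${userExpr}; result`;
}

// HARDENED, step 1: validate on the host, before anything reaches vm2, and
// keep only the fields the script needs as plain JSON data (functions,
// getters and prototype tricks on the request object are dropped).
function validateInput(userInput) {
  const qty = Number(userInput && userInput.quantity);
  if (!Number.isInteger(qty) || qty < 1 || qty > 1000) {
    throw new Error('quantity must be an integer between 1 and 1000');
  }
  return JSON.parse(JSON.stringify({ quantity: qty }));
}

// HARDENED, step 2: the program text is fixed and written by the developer.
// User input reaches the sandbox only as a value on the sandbox object, so it
// can change what the script computes but never what code it runs.
const FIXED_SCRIPT = 'input.quantity * input.unitPrice';

function buildSafeSandbox(userInput) {
  const data = validateInput(userInput);
  data.unitPrice = 2.5; // server-controlled, not taken from the request
  return { code: FIXED_SCRIPT, sandbox: { input: data } };
}

// Run the fixed script under vm2 with a timeout and eval/wasm disabled.
function runInVm2(VM, { code, sandbox }) {
  return new VM({ sandbox, timeout: 100, eval: false, wasm: false }).run(code);
}
```

vm2's own maintainers have discontinued the project over unfixed sandbox escapes, so keeping user input out of the script text limits what an attacker can inject but does not make vm2 a trustworthy isolation boundary on its own.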

Impact

If exploited, an attacker could execute malicious code within the vm2 sandbox, potentially bypassing security controls, accessing sensitive data, or causing the application to behave unexpectedly. Depending on how vm2 is configured, this could lead to data leaks, unauthorized actions, or compromise of the server environment.