Improper Neutralization of Directives in Statically Saved Code (‘Static Code Injection’)
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-96: Improper Neutralization of Directives in Statically Saved Code (‘Static Code Injection’) |
| OWASP | A03:2021 - Injection |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code accesses or modifies global or local variables using dynamic, non-static keys (like user input) with globals() or locals(). This allows unintended variables to be read or written, making the code unsafe.
Impact
An attacker could execute arbitrary code or manipulate program behavior by controlling which variables are accessed or set, potentially leading to data leaks, privilege escalation, or full system compromise.
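The pattern described above next to a hardened form, as an added example that is not part of the rule's own documentation. All names (`THEME`, `PAGE_SIZE`, `AUTH_REQUIRED`, `set_option_unsafe`, `set_option_safe`, `options`) are constructed for illustration.

```python
# Constructed module-level state for the demonstration.
THEME = "light"
PAGE_SIZE = 20
AUTH_REQUIRED = True  # internal flag, never meant to be user-configurable

def set_option_unsafe(name, value):
    """Flagged pattern: a caller-supplied key indexes globals() directly."""
    globals()[name] = value

def _theme(v):
    return v if v in ("light", "dark") else None

def _page_size(v):
    try:
        n = int(v)
    except (TypeError, ValueError):
        return None
    return n if 1 <= n <= 100 else None

# Hardened form: user-editable options live in their own dict, and every
# permitted key has a validator that also normalizes the value.
ALLOWED_OPTIONS = {"THEME": _theme, "PAGE_SIZE": _page_size}
options = {"THEME": "light", "PAGE_SIZE": 20}

def set_option_safe(name, value):
    """Accept only allowlisted keys; never touch globals() or locals()."""
    validator = ALLOWED_OPTIONS.get(name)
    if validator is None:
        raise KeyError(f"unknown option: {name!r}")
    checked = validator(value)
    if checked is None:
        raise ValueError(f"invalid value for {name}: {value!r}")
    options[name] = checked
    return checked

def demo():
    """Return (flag after unsafe call, safe call rejected key, flag at end)."""
    global AUTH_REQUIRED
    set_option_unsafe("AUTH_REQUIRED", False)  # unrelated global is overwritten
    overwritten = AUTH_REQUIRED
    AUTH_REQUIRED = True                       # restore before the safe call
    try:
        set_option_safe("AUTH_REQUIRED", False)
        rejected = False
    except KeyError:
        rejected = True
    return overwritten, rejected, AUTH_REQUIRED
```

The safe variant keeps configurable values out of the module namespace entirely, so a key that is not in `ALLOWED_OPTIONS` cannot reach any other variable or function.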