# Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)

| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) |
| OWASP | A03:2021 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
## Description

The code passes dynamic or external input into methods of Python’s `code.InteractiveConsole` or `code.InteractiveInterpreter` (such as `runsource`, `runcode` or `push`). These methods compile the string and execute it as Python with the interpreter’s namespace, so whoever controls the input controls what code runs.
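The following added example (not part of the original rule page) shows the vulnerable pattern, a hardened replacement for the common case of "read a value the user typed", and a small AST-based check in the spirit of this rule. Function names, the `UNSAFE_METHODS` set and the constructed sample source (including the `request_body` name) are assumptions made for the illustration.

```python
import ast
import code


def run_untrusted_vulnerable(user_input: str) -> dict:
    """Vulnerable pattern: the string goes straight to runsource, which
    compiles it in 'single' mode and executes it (statements included).
    The namespace is returned so the effect of the input is observable."""
    namespace: dict = {}
    interp = code.InteractiveInterpreter(locals=namespace)
    interp.runsource(user_input)  # any single Python statement runs here
    return namespace


def parse_untrusted_safe(user_input: str):
    """Hardened replacement when the goal is to accept a value, not code:
    ast.literal_eval only accepts Python literals (numbers, strings, lists,
    dicts, ...) and never executes anything. Everything else is rejected."""
    try:
        return ast.literal_eval(user_input)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise ValueError(f"rejected non-literal input: {user_input!r}") from exc


# Method names on InteractiveInterpreter/InteractiveConsole that execute
# their argument. Assumed list for this heuristic check.
UNSAFE_METHODS = {"runsource", "runcode", "push"}


def find_eval_sinks(source: str) -> list[tuple[int, str]]:
    """Heuristic static check: report calls to the methods above whose first
    argument is not a string literal, i.e. potentially dynamic input. It does
    not resolve receiver types, so it may over-report on unrelated objects
    that happen to use the same method names."""
    findings: list[tuple[int, str]] = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not isinstance(node.func, ast.Attribute):
            continue
        if node.func.attr not in UNSAFE_METHODS:
            continue
        first = node.args[0] if node.args else None
        if isinstance(first, ast.Constant) and isinstance(first.value, str):
            continue  # hard-coded source text: not attacker-controlled
        findings.append((node.lineno, node.func.attr))
    return findings


# Constructed sample program for the static check (not real project code).
SAMPLE_SOURCE = '''
import code
interp = code.InteractiveInterpreter()
interp.runsource("x = 1")
interp.runsource(request_body)
'''

if __name__ == "__main__":
    print(run_untrusted_vulnerable("marker = 6 * 7"))
    print(parse_untrusted_safe("[1, 2, {'a': 3}]"))
    print(find_eval_sinks(SAMPLE_SOURCE))
```

The check only fires when the argument is not a string literal, which mirrors the idea behind this rule: a constant passed to `runsource` is the developer’s code, while a variable may carry request data or file contents.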
## Impact

If exploited, an attacker could execute malicious Python commands on your system, potentially leading to data theft, system compromise, or complete takeover of the application server. This could expose sensitive information and disrupt operations.