Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description#
The code is using asyncio’s subprocess_exec to run shell commands with dynamic or non-static input. If this input can be influenced by a user or external source, it creates a risk of command injection.
Impact#
An attacker could inject malicious commands, leading to unauthorized access, data theft, or complete control over the server. This could result in data breaches, service disruption, or compromise of the entire system.