Use of Incorrectly-Resolved Name or Reference
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-706: Use of Incorrectly-Resolved Name or Reference |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
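Passing user-controlled input as the module name to `importlib.import_module()` lets an attacker choose which module is loaded. Importing a module runs its top-level code, so the attacker can load and execute arbitrary Python code. Avoid importing modules based on untrusted data, or strictly validate the name against a list of allowed module names.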
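The flagged pattern beside a hardened form, as an added example that is not part of the rule's own documentation. The function names, the `ALLOWED_EXPORTERS` mapping and the sample names are hypothetical and constructed for illustration.

```python
import importlib

# Assumption for this example: the application only ever needs these modules.
# Keys are the names a caller may send; values are the modules actually imported.
ALLOWED_EXPORTERS = {
    "json": "json",
    "csv": "csv",
}


def load_exporter_unsafe(name):
    """Pattern the rule flags: caller-supplied text selects the module."""
    return importlib.import_module(name)


def load_exporter(name):
    """Hardened form: resolve the name through a fixed mapping, else reject."""
    if not isinstance(name, str):
        raise ValueError("exporter name must be a string")
    try:
        # Exact-match lookup: dotted paths, relative names, case variants and
        # padded strings all miss the table and never reach import_module().
        target = ALLOWED_EXPORTERS[name]
    except KeyError:
        raise ValueError(f"unsupported exporter: {name!r}") from None
    # The imported value comes from the table, not from the caller's string.
    return importlib.import_module(target)


def classify(names):
    """Return {name: True/False} showing which names the hardened loader accepts."""
    result = {}
    for name in names:
        try:
            load_exporter(name)
            result[name] = True
        except ValueError:
            result[name] = False
    return result


if __name__ == "__main__":
    # Constructed sample inputs, standing in for request parameters.
    for name, ok in classify(["json", "csv", "os", "json.decoder", "JSON"]).items():
        print(f"{name!r}: {'accepted' if ok else 'rejected'}")
```

Mapping to a fixed table also keeps the caller-facing name separate from the real module path, so internal modules can be renamed without changing what input is accepted.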
Impact
If exploited, an attacker could execute malicious code within your application, potentially leading to data theft, unauthorized access, or full system compromise. This could severely impact application security and expose sensitive resources.