Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
The code runs shell commands using asyncio subprocess functions with parameters that are not fixed strings. If any part of the command comes from user input or external sources, this can lead to command injection vulnerabilities.
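The flagged pattern next to two fixes, as an added example (not code from this rule's own documentation). The function names, the constructed sample value and the echo stand-in child process are assumptions made for illustration.

```python
import asyncio
import shlex
import sys
from asyncio.subprocess import PIPE

# Constructed sample input: a value carrying a shell metacharacter.
UNTRUSTED = "report.txt; echo INJECTED"

# Hypothetical stand-in for a real tool: a child that prints its first argument.
ECHO_ARGV = [sys.executable, "-c", "import sys; print(sys.argv[1])"]


async def run_shell(cmd: str) -> str:
    proc = await asyncio.create_subprocess_shell(cmd, stdout=PIPE)
    out, _ = await proc.communicate()
    return out.decode()


async def vulnerable(name: str) -> str:
    # Flagged pattern: the command string is built from a non-fixed value,
    # so the shell parses ';' inside `name` as a command separator.
    return await run_shell(f"echo {name}")


async def hardened_exec(name: str) -> str:
    # Preferred fix: no shell is involved; `name` is exactly one argv element.
    proc = await asyncio.create_subprocess_exec(*ECHO_ARGV, name, stdout=PIPE)
    out, _ = await proc.communicate()
    return out.decode()


async def hardened_quoted(name: str) -> str:
    # Fallback when a shell is unavoidable: quote every interpolated value.
    # shlex.quote targets POSIX shells only.
    return await run_shell(f"echo {shlex.quote(name)}")


def demo() -> dict:
    async def run_all():
        return {
            "vulnerable": await vulnerable(UNTRUSTED),
            "exec": await hardened_exec(UNTRUSTED),
            "quoted": await hardened_quoted(UNTRUSTED),
        }
    return asyncio.run(run_all())


if __name__ == "__main__":
    for label, output in demo().items():
        print(label, repr(output))
```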
Impact
If exploited, an attacker could execute arbitrary system commands with the application’s privileges. This could result in data theft, system compromise, or complete takeover of the server, putting sensitive data and infrastructure at risk.