Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | High |
Description#
User-supplied data from Flask requests is being passed directly into subprocess calls without proper validation or sanitization. This allows attackers to control command arguments, leading to unsafe command execution.
Impact#
If exploited, an attacker could execute arbitrary system commands on the server, potentially stealing data, installing malware, or taking full control of the host. This can result in data breaches, service outages, or further compromise of your infrastructure.