Property
Language: ruby
Severity: high
CWE: CWE-94: Improper Control of Generation of Code (‘Code Injection’)
OWASP: A03:2021 - Injection
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: High

Description

Using Ruby’s eval or related methods with input that can be influenced by users allows attackers to execute arbitrary code in your application. Avoid passing user data to eval or similar functions.

Impact

If exploited, an attacker could run malicious code on your server, potentially gaining access to sensitive data, modifying application behavior, or taking full control of the system. This can lead to data breaches, service disruption, and severe compromise of application integrity.
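
The pattern from the Description, as an added example that is not part of the original rule page: a constructed calculator helper that passes caller input to eval, next to a replacement that parses the same arithmetic without eval. The names unsafe_calculate, SafeCalc and SAMPLE_INPUT are hypothetical.

```ruby
# Added example with hypothetical names; SAMPLE_INPUT is constructed and harmless.
SAMPLE_INPUT = "1 + 1; :ran_arbitrary_ruby"

# VULNERABLE: the input is run as Ruby with the application's privileges.
def unsafe_calculate(expr)
  eval(expr)
end

# HARDENED: no eval. Allow-list the characters (anchored with \A and \z, not
# ^ and $), then parse integers, + - * / and parentheses by recursive descent.
class SafeCalc
  def initialize(expr)
    raise ArgumentError, "not plain arithmetic" unless expr.match?(/\A[\d\s+\-*\/()]{1,256}\z/)
    @tokens = expr.scan(/\d+|[-+*\/()]/)
  end

  def result
    value = sum
    raise ArgumentError, "unexpected token #{@tokens.first}" unless @tokens.empty?
    value
  end

  private
  def sum
    value = product
    while %w[+ -].include?(@tokens.first)
      value = @tokens.shift == "+" ? value + product : value - product
    end
    value
  end

  def product
    value = atom
    while %w[* /].include?(@tokens.first)
      op = @tokens.shift
      value = op == "*" ? value * atom : value / atom
    end
    value
  end

  def atom
    tok = @tokens.shift
    return Integer(tok, 10) if tok&.match?(/\A\d+\z/)
    raise ArgumentError, "expected a number or (" unless tok == "("
    value = sum
    raise ArgumentError, "missing )" unless @tokens.shift == ")"
    value
  end
end
```

With SAMPLE_INPUT, unsafe_calculate returns the symbol from the second statement, showing that the caller controlled what ran, while SafeCalc.new(SAMPLE_INPUT) raises ArgumentError before anything is evaluated.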