Improper Control of Generation of Code (‘Code Injection’)
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-94: Improper Control of Generation of Code (‘Code Injection’) |
| OWASP | A03:2021 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
User-controlled input is being passed directly to Open3 pipeline methods without proper validation or sanitization. This allows attackers to inject and execute arbitrary commands on the server.
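The following is an added example, not code from the original page or from the rule it documents. It contrasts the string form of an Open3 pipeline call, which goes through the shell, with the argv-array form combined with an allowlist check. The function names, the `TERM_ALLOWLIST` pattern and the sample log lines are assumptions constructed for illustration, and it expects `grep` and `wc` on the PATH.

```ruby
require "open3"
require "tempfile"

# Vulnerable pattern (shown for contrast, never called here): each stage is a
# single String, so Open3 hands it to the shell and any metacharacters in
# `term` are interpreted as shell syntax instead of data.
def count_matches_unsafe(term, path)
  Open3.pipeline_r("grep -F #{term} #{path}", "wc -l") { |out, _| out.read.to_i }
end

# Hardened core: every stage is an argv Array with more than one element, so
# no shell is started and `term` reaches grep as exactly one argument.
# `--` ends option parsing, so a value starting with "-" is not read as a flag.
def grep_count_argv(term, path)
  Open3.pipeline_r(["grep", "-F", "--", term, path], ["wc", "-l"]) do |out, _threads|
    out.read.to_i
  end
end

# Assumption: search terms are short identifiers; adjust to your application.
TERM_ALLOWLIST = /\A[\w.@-]{1,64}\z/

# Defence in depth: validate against the allowlist, then use the argv form.
def count_matches_safe(term, path)
  unless TERM_ALLOWLIST.match?(term)
    raise ArgumentError, "search term contains disallowed characters"
  end
  grep_count_argv(term, path)
end

# Constructed sample data: three log lines, one containing a ";" sequence.
def sample_log
  file = Tempfile.new("sample_log")
  file.write("login ok user=alice\nlogin failed user=bob\nnote: a; echo b\n")
  file.flush
  file
end

if $PROGRAM_NAME == __FILE__
  log = sample_log
  puts count_matches_safe("login", log.path)      # allowlisted term
  puts grep_count_argv("a; echo b", log.path)     # metacharacters stay literal
end
```
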
Impact
If exploited, an attacker could run malicious code on your server, potentially gaining unauthorized access, stealing data, or compromising the entire system. This can lead to data breaches, loss of service, and significant organizational risk.