Property
Language: ruby
Severity: medium
CWE: CWE-94: Improper Control of Generation of Code (‘Code Injection’)
OWASP: A03:2021 - Injection
Confidence Level: Low
Impact Level: High
Likelihood Level: Low

Description

The code runs shell commands with Ruby backticks and interpolates dynamic values into the command string. If user input reaches that string without proper validation, attackers could inject and run arbitrary commands.
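The flagged pattern beside two safer forms, as an added example that is not part of the rule's own documentation. The method names, the constructed input and the use of `basename` as a stand-in command are assumptions made for illustration.

```ruby
require "open3"

# Constructed sample input: a "filename" that carries a shell metacharacter.
UNTRUSTED = "notes.txt; echo INJECTED"

# Flagged pattern: the interpolated string is handed to /bin/sh, so the
# ";" ends the intended command and starts a second one.
def name_unsafe(name)
  `basename #{name}`
end

# Safer: pass an argv array so no shell parses the value. The "--" stops
# a value beginning with "-" from being read as an option.
def name_argv(name)
  out, status = Open3.capture2("basename", "--", name)
  raise "basename failed" unless status.success?
  out.chomp
end

# Safer still: validate against an allowlist before running anything.
# The pattern is an assumed policy (letters, digits, "_", "." and "-").
SAFE_NAME = /\A[\w.\-]+\z/

def name_validated(name)
  raise ArgumentError, "rejected input: #{name.inspect}" unless name.match?(SAFE_NAME)
  name_argv(name)
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe:    #{name_unsafe(UNTRUSTED).inspect}"
  puts "argv:      #{name_argv(UNTRUSTED).inspect}"
  begin
    name_validated(UNTRUSTED)
  rescue ArgumentError => e
    puts "validated: #{e.message}"
  end
end
```

In the argv form the whole value, separator included, reaches `basename` as a single argument, so the second command never runs.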

Impact

An attacker exploiting this could execute any command on the server, potentially gaining unauthorized access, stealing data, deleting files, or compromising the entire system. This can lead to data breaches, service outages, or full system takeover.