SYM_CLJ_0003 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Property | Value |
---|---|
Language | clojure |
Severity | |
CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
OWASP | A01:2017 - Injection |
Confidence Level | Low |
Impact Level | High |
Likelihood Level | Medium |
Description
The code runs external programs with clojure.java.shell/sh, passing arguments that may contain user input. Note that `sh` itself does not invoke a shell: it hands its arguments to `Runtime.exec` as an argv array, so shell metacharacters in a single argument are not interpreted. The command-injection risk arises when code builds one command string from untrusted input and passes it to a shell (for example `(sh "sh" "-c" (str "ls " user-input))`), when untrusted input selects the program to run, or when an unvalidated argument is interpreted by the target program as an option (argument injection, e.g. input beginning with `-`). If these inputs are not validated against an allow-list and kept as separate argv elements, attackers can execute commands of their choosing.
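As an added illustration, not code from this database entry or from any audited project, the following Clojure shows the pattern that triggers this finding next to a hardened version. The `list-dir-*` function names, the `safe-name` allow-list regex and the use of `ls` are assumptions made for the example; the security-relevant points are that `sh` receives the program and each argument as separate values, that no shell is interposed, and that the value is validated before use.

```clojure
(ns example.cmd
  (:require [clojure.java.shell :as shell]
            [clojure.string :as str]))

;; VULNERABLE: untrusted input is concatenated into one command string that
;; /bin/sh then parses. Input such as "tmp; id" or "$(id)" runs additional,
;; attacker-chosen commands with the privileges of the JVM process.
(defn list-dir-vulnerable [user-dir]
  (shell/sh "sh" "-c" (str "ls -l " user-dir)))

;; STILL RISKY: no shell is involved (shell/sh passes an argv array to
;; Runtime.exec), so ";" and "$(...)" are harmless here, but the caller
;; controls an argument position. A value starting with "-" is parsed by ls
;; as an option (argument injection); for other programs (tar, find, curl,
;; git) an injected option can mean file writes or code execution.
(defn list-dir-argv-unchecked [user-dir]
  (shell/sh "ls" "-l" user-dir))

;; HARDENED:
;;  1. never hand untrusted data to a shell; call the program directly so
;;     the value is delivered as a single argv element;
;;  2. validate against an allow-list of acceptable directory names
;;     (hypothetical pattern, adjust to the application's needs);
;;  3. reject leading "-" and ".." explicitly and end option parsing with
;;     "--" so the value can never be read as a flag.
(def ^:private safe-name #"[A-Za-z0-9._-]{1,64}")

(defn- validate-dir-name [s]
  (when (or (not (re-matches safe-name s))
            (str/starts-with? s "-")
            (str/includes? s ".."))
    (throw (ex-info "Rejected directory name" {:input s})))
  s)

(defn list-dir-safe [user-dir]
  (let [dir (validate-dir-name user-dir)
        {:keys [exit out err]} (shell/sh "ls" "-l" "--" dir)]
    (if (zero? exit)
      out
      (throw (ex-info "ls failed" {:exit exit :err err})))))

(comment
  (list-dir-vulnerable "tmp; id")  ; runs `id` as well as `ls`
  (list-dir-safe "tmp; id")        ; throws ExceptionInfo (rejected)
  (list-dir-safe "-la")            ; throws ExceptionInfo (rejected)
  (list-dir-safe "tmp"))           ; returns the listing of ./tmp as a string
```

When reviewing a hit for this rule, check first whether the program passed to `sh` is `sh`, `bash`, `cmd.exe` or similar with a `-c`/`/c` argument built from user data; that is the true OS-command-injection case. Separate-argument calls are lower risk but still deserve the allow-list and `--` treatment shown above, because the called program, not the shell, is then the parser of the attacker's input.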
Impact
If exploited, an attacker can run arbitrary operating-system commands on the server with the privileges of the JVM process. This can lead to theft of sensitive data, modification or destruction of files, service disruption, or a complete takeover of the application environment and lateral movement from the host.