SYM_GO_0013 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Control of Generation of Code ('Code Injection')
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-94: Improper Control of Generation of Code ('Code Injection') |
OWASP | A03:2021 - Injection |
Confidence Level | Low |
Impact Level | High |
Likelihood Level | Low |
Description
The code passes dynamic or user-controlled input to exec.Command or exec.CommandContext instead of running hardcoded commands. If untrusted data can reach these calls, the application is exposed to code injection.
Impact
If exploited, an attacker could execute arbitrary system commands on your server, leading to data theft, system compromise, or full remote control of the application environment. This can result in data loss, service disruption, and severe security breaches.
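The flagged pattern beside a hardened form, as an added example (not code from the Symbiotic database or any scanned project). The function names, the allowlisted tools (nslookup, ping) and the hostname pattern are assumptions chosen for illustration, and the sample inputs are constructed.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"os/exec"
	"regexp"
)

// lookupUnsafe is the flagged pattern: untrusted input is concatenated into a
// shell command line, so shell metacharacters in host become part of the command.
func lookupUnsafe(ctx context.Context, host string) *exec.Cmd {
	return exec.CommandContext(ctx, "sh", "-c", "nslookup "+host)
}

// allowedTools maps a caller-facing action to a hardcoded binary and fixed flags (assumed tools).
var allowedTools = map[string][]string{
	"lookup": {"nslookup"},
	"ping":   {"ping", "-c", "1"},
}

// hostnameRE accepts DNS-style names only. Requiring an alphanumeric first
// character also rejects values a tool would parse as an option ("-x").
var hostnameRE = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$`)

var ErrRejected = errors.New("input rejected") // returned for any disallowed action or host

// buildSafe never invokes a shell: the binary comes from the allowlist and the
// validated host is passed as exactly one argv element.
func buildSafe(ctx context.Context, action, host string) (*exec.Cmd, error) {
	argv, ok := allowedTools[action]
	if !ok || !hostnameRE.MatchString(host) {
		return nil, ErrRejected
	}
	args := append(append([]string{}, argv[1:]...), host)
	return exec.CommandContext(ctx, argv[0], args...), nil
}

func main() {
	ctx := context.Background()
	for _, h := range []string{"example.com", "example.com; echo injected", "-debug"} { // constructed inputs
		if cmd, err := buildSafe(ctx, "lookup", h); err != nil {
			fmt.Printf("%q -> %v\n", h, err)
		} else {
			fmt.Printf("%q -> argv %q\n", h, cmd.Args)
		}
	}
}
```

The program only builds the commands and prints the resulting argv; nothing is executed, so it can be run without the assumed tools installed.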