SYM_GO_0015 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Control of Dynamically-Managed Code Resources
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-913: Improper Control of Dynamically-Managed Code Resources |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Using reflect.MakeFunc in Go allows creation of functions at runtime, bypassing normal type safety checks. If user input can influence the generated code, this could introduce severe security risks.
Impact
An attacker may exploit this to execute arbitrary code or perform unauthorized actions within your application, potentially leading to data breaches, privilege escalation, or full system compromise.