SYM_GO_0018 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Control of Dynamically-Managed Code Resources
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-913: Improper Control of Dynamically-Managed Code Resources |
OWASP | A01:2021 - Broken Access Control |
Confidence Level | Medium |
Impact Level | Low |
Likelihood Level | Low |
Description
The code uses a dynamically defined `httptrace.ClientTrace`, which means function code can be deserialized and executed during HTTP requests without clear visibility or control. This makes it harder to audit which hook functions will run and increases the risk of unexpected behavior.
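The following Go sketch is an added example, not code from this rule or from the Symbiotic database. It contrasts a trace received from a caller (the dynamically defined shape described above) with a trace written as a struct literal at the call site, and adds a helper that lists which hooks are actually attached to a request. The function names `withCallerTrace`, `withStaticTrace` and `installedHooks` and the URL are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptrace"
	"reflect"
)

// withCallerTrace: the trace is built elsewhere, so this call site does not show which hooks run.
func withCallerTrace(req *http.Request, trace *httptrace.ClientTrace) *http.Request {
	return req.WithContext(httptrace.WithClientTrace(req.Context(), trace))
}

// withStaticTrace defines the trace as a literal beside the call, so the
// complete set of hooks is visible in review.
func withStaticTrace(req *http.Request, events *[]string) *http.Request {
	trace := &httptrace.ClientTrace{
		GotConn: func(info httptrace.GotConnInfo) {
			*events = append(*events, fmt.Sprintf("got_conn reused=%t", info.Reused))
		},
		WroteRequest: func(httptrace.WroteRequestInfo) {
			*events = append(*events, "wrote_request")
		},
	}
	return req.WithContext(httptrace.WithClientTrace(req.Context(), trace))
}

// installedHooks names the hooks set on req's trace, for auditing traces defined elsewhere.
func installedHooks(req *http.Request) []string {
	trace := httptrace.ContextClientTrace(req.Context())
	if trace == nil {
		return nil
	}
	var names []string
	v := reflect.ValueOf(trace).Elem()
	for i := 0; i < v.NumField(); i++ {
		if f := v.Field(i); f.Kind() == reflect.Func && !f.IsNil() {
			names = append(names, v.Type().Field(i).Name)
		}
	}
	return names
}

func main() {
	var events []string
	req, _ := http.NewRequest(http.MethodGet, "http://service.example/health", nil) // constructed URL, never sent
	fmt.Println(installedHooks(withStaticTrace(req, &events)))
}
```

`httptrace.WithClientTrace` composes the new trace with any trace already stored in the context, so `installedHooks` reports the combined set of hooks that will fire for the request.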
Impact
If exploited, attackers could inject or execute arbitrary code during HTTP requests, potentially leading to unauthorized actions, data exposure, or compromise of the application's integrity. This undermines security by allowing code execution paths that are difficult to review or restrict.