SYM_JAVA_0009 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Control of Generation of Code ('Code Injection')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-94: Improper Control of Generation of Code ('Code Injection') |
| OWASP | A03:2021 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
Using JavaScript's eval() function in Scala.js with input that can come from users or external sources allows attackers to inject and execute arbitrary code. This makes your application vulnerable to code injection attacks.
Impact
If exploited, an attacker could run malicious JavaScript in your application's context—potentially stealing sensitive data, manipulating the app's behavior, or compromising user accounts. This can lead to data breaches, unauthorized actions, or a complete takeover of affected systems.
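The pattern from the Description next to one way to avoid it, as an added example that is not taken from this wiki or any project it covers. It assumes Scala 2.13+ with Scala.js, where `js.eval` is the `scala.scalajs.js` facade for JavaScript's `eval()`; `DiscountFormula`, `unsafeEvaluate` and `safeEvaluate` are hypothetical names, and the arithmetic-formula use case is an assumption chosen for illustration.

```scala
import scala.scalajs.js
import scala.util.Try

object DiscountFormula { // hypothetical example object
  // Vulnerable: the caller's string runs as JavaScript in the application's context.
  def unsafeEvaluate(userFormula: String): Any = js.eval(userFormula)

  // Hardened: recursive-descent parser for numbers, + - * / and parentheses.
  // Input is only ever treated as data; anything outside this grammar is rejected.
  def safeEvaluate(userFormula: String): Either[String, Double] = {
    val src = userFormula.filterNot(_.isWhitespace)
    var pos = 0
    def fail(msg: String): Nothing =
      throw new IllegalArgumentException(s"$msg at offset $pos")
    def peek: Char = if (pos < src.length) src.charAt(pos) else '\u0000'
    def number(): Double = {
      val start = pos
      while ((peek >= '0' && peek <= '9') || peek == '.') pos += 1
      if (start == pos) fail("expected a number")
      src.substring(start, pos).toDoubleOption.getOrElse(fail("malformed number"))
    }
    def factor(): Double = peek match {
      case '(' =>
        pos += 1
        val v = expr()
        if (peek != ')') fail("expected ')'")
        pos += 1
        v
      case '-' => pos += 1; -factor()
      case _   => number()
    }
    // One left-associative precedence level: operands from `next`, operators from `ops`.
    def level(next: () => Double, ops: String): Double = {
      var v = next()
      while (ops.indexOf(peek) >= 0) {
        val op = peek; pos += 1; val rhs = next()
        v = op match { case '*' => v * rhs; case '/' => v / rhs
                       case '+' => v + rhs; case _   => v - rhs }
      }
      v
    }
    def term(): Double = level(() => factor(), "*/")
    def expr(): Double = level(() => term(), "+-")
    if (src.length > 256) Left("formula too long") // also bounds recursion depth
    else Try {
      val v = expr(); if (pos != src.length) fail("unexpected character"); v
    }.toEither.left.map(_.getMessage)
  }
}
```

With this parser, `safeEvaluate("(100 - 20) * 0.5")` yields `Right(40.0)`, while a string containing identifiers, calls or any other JavaScript syntax comes back as a `Left` with a parse error and is never executed.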