SYM_JAVA_0011 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
The code runs external system commands built from dynamic or user-influenced input, using Scala's `Seq` and `sys.process`. If that input is not properly sanitized or controlled, attackers can inject malicious commands.
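The following Scala sketch is an added example, not code from the Symbiotic database or the rule itself. It shows a `Seq`-based `sys.process` call that passes input through a shell, next to a form that validates the value and avoids the shell. The object name `HostLookup`, its methods, the `nslookup` use case and the allow-list pattern are assumptions made for illustration.

```scala
import scala.sys.process._
import scala.util.Try

object HostLookup {
  // Constructed allow-list for this example: letters, digits, dots and hyphens,
  // starting with a letter or digit so the value cannot be read as an option.
  private val HostPattern = "^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$".r

  // Pattern the description warns about: the value is spliced into a string
  // that a shell parses, so metacharacters in `host` become command syntax.
  def lookupUnsafe(host: String): String =
    Seq("sh", "-c", s"nslookup $host").!!

  // Reject anything outside the allow-list before it reaches a process.
  def validateHost(host: String): Either[String, String] =
    if (HostPattern.pattern.matcher(host).matches()) Right(host)
    else Left("host rejected by allow-list")

  // Hardened form: fixed program name, no shell, one Seq element per argument.
  def lookupSafe(host: String): Either[String, String] =
    validateHost(host).flatMap { h =>
      Try(Seq("nslookup", h).!!).toEither.left.map(_.getMessage)
    }

  def main(args: Array[String]): Unit = {
    // Constructed sample inputs; only validation runs here, no process is started.
    val samples = Seq("example.com", "-debug", "example.com; id")
    samples.foreach(s => println(s"$s -> ${validateHost(s)}"))
  }
}
```

Passing each argument as its own `Seq` element keeps the shell out of the path, but the invoked program still parses its arguments, which is why the allow-list also rejects values beginning with `-`.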
Impact
If exploited, an attacker could execute arbitrary system commands on the server, potentially leading to data theft, data loss, unauthorized access, or full system compromise. This can result in severe breaches of confidentiality and integrity for your application and infrastructure.