SYM_JAVA_0012 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
This code runs shell commands by passing dynamic or user-controlled data directly to a shell (e.g., 'sh', 'bash') through Scala's sys.process API. Because the shell parses the whole command string, any metacharacters in unsanitized input are interpreted as part of the command, so an attacker who controls that input can inject arbitrary commands.
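The following is an added illustration written for this entry, not code from the Symbiotic database or from any project it scans. It shows the pattern the rule describes (a user-supplied value interpolated into a string handed to `sh -c`) next to a hardened version that allowlists the input and invokes the program with an argument vector so no shell is involved. The object name `PingService`, the method names and the sample inputs are assumptions made for the example.

```scala
import scala.sys.process._
import scala.util.Try

object PingService {
  // Flagged form: the user-supplied host is interpolated into one string that
  // "sh -c" parses, so shell metacharacters in `host` change the command.
  // Kept here only to show what the rule matches; nothing below calls it.
  def pingVulnerable(host: String): String =
    Seq("sh", "-c", s"ping -c 1 $host").!!

  // Hardened form, two layers:
  //  1. Allowlist the input: hostname characters only, and no leading '-' so the
  //     value cannot be read by ping as an option.
  //  2. Run the program directly with an argument vector. sys.process hands the
  //     Seq to java.lang.ProcessBuilder, so no shell starts and ';', '|', '$(...)'
  //     and quotes carry no special meaning.
  private val HostPattern = "^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$".r

  def pingSafe(host: String): Either[String, String] =
    host match {
      case HostPattern() =>
        Try(Seq("ping", "-c", "1", host).!!).toEither
          .left.map(e => s"ping failed: ${e.getMessage}")
      case _ =>
        Left(s"rejected host: $host")
    }

  def main(args: Array[String]): Unit = {
    // Constructed sample inputs: one legitimate hostname, one carrying a shell
    // separator, one that looks like an option. Only the first passes validation.
    val inputs = Seq("example.com", "example.com; id", "-f")
    inputs.foreach { h =>
      val result = pingSafe(h).fold(err => err, out => out.takeWhile(_ != '\n'))
      println(s"$h -> $result")
    }
  }
}
```

Running `main` with the constructed inputs prints a ping summary line for `example.com` (or a `ping failed` message if the network or binary is unavailable) and `rejected host: ...` for the other two. The allowlist is the part that does the real work: passing an argument vector removes the shell, but a value such as `-f` would still reach `ping` as an option, which is why the pattern also forbids a leading dash.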
Impact
An attacker could execute unauthorized system commands on your server, potentially stealing data, altering files, or taking control of the system. This could lead to data breaches, service outages, or full system compromise.