SYM_JAVA_0015 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code runs external system commands using dynamic strings with sys.process (like command.! or command.!!), which can allow untrusted input to control the executed command. This makes the application vulnerable to command injection attacks.
Impact
If exploited, an attacker could execute arbitrary system commands on the server, potentially gaining access to sensitive data, modifying files, or taking control of the system. This may lead to data breaches, service disruption, or a full system compromise.