SYM_JSTS_0094 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
OWASP | A01:2017 - Injection |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
Cloning a Git repository using a URL that comes from untrusted input can allow attackers to inject and execute arbitrary shell commands on your system. This happens because Git supports special URL formats that can trigger shell execution.
Impact
If exploited, an attacker could run commands on your server with the same permissions as your application. This could lead to data theft, server compromise, or further attacks within your infrastructure.
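One way to guard a Node.js clone call against the issue in the Description, as an added example that is not part of this wiki entry or the project's own code. The host allow-list and the function names `validateCloneUrl`, `buildCloneInvocation` and `cloneRepo` are assumptions made for illustration.

```javascript
// Added example; ALLOWED_HOSTS and all function names here are hypothetical.
const ALLOWED_PROTOCOLS = new Set(["https:", "ssh:"]);
const ALLOWED_HOSTS = new Set(["github.com", "gitlab.com"]); // assumption: hosts you trust

function validateCloneUrl(input) {
  if (typeof input !== "string" || input.length === 0 || input.length > 2048) {
    throw new Error("clone URL must be a non-empty string of reasonable length");
  }
  // A leading "-" would be parsed by git as an option. "::" marks git's
  // remote-helper form (<helper>::<address>), a special URL format that is
  // never needed for ordinary https/ssh clones.
  if (input.startsWith("-") || input.includes("::")) {
    throw new Error("clone URL uses a forbidden form");
  }
  let url;
  try {
    url = new URL(input);
  } catch {
    throw new Error("clone URL is not an absolute URL");
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) throw new Error("protocol not allowed");
  if (!ALLOWED_HOSTS.has(url.hostname)) throw new Error("host not allowed");
  return url.href; // normalized form; this is what gets passed to git
}

function buildCloneInvocation(untrustedUrl, destDir) {
  const url = validateCloneUrl(untrustedUrl);
  return {
    file: "git",
    // "--" ends option parsing, so neither value can be read as a flag.
    args: ["clone", "--", url, destDir],
    options: {
      shell: false, // argument vector only; no shell parses the URL
      // Defense in depth: git itself refuses transports outside this list.
      env: { ...process.env, GIT_ALLOW_PROTOCOL: "https:ssh", GIT_TERMINAL_PROMPT: "0" },
    },
  };
}

function cloneRepo(untrustedUrl, destDir, callback) {
  const { execFile } = require("node:child_process"); // loaded only when git is run
  const { file, args, options } = buildCloneInvocation(untrustedUrl, destDir);
  return execFile(file, args, options, callback);
}
```

The validation fails closed: anything that does not parse as an `https:` or `ssh:` URL on a listed host is rejected before git is started.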