SYM_JSTS_0122 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements in Data Query Logic
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-943: Improper Neutralization of Special Elements in Data Query Logic |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |
Description
User input from the Lambda event object is passed directly into DynamoDB queries without validation or sanitization. This can let an attacker inject malicious data into database operations, leading to insecure database access.
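The flagged pattern next to a hardened form, as an added example (not code from this rule or from the Symbiotic project). The table name, attribute names, allowlist and event shape are assumptions; the functions only build DynamoDB Query parameters and make no AWS call.

```javascript
// Added example. It only builds DynamoDB Query parameters; no AWS call is made.
// Table name, attribute names and event shape are assumptions for illustration.
const TABLE = "Orders";
const FILTERABLE = new Set(["orderStatus", "region"]); // attributes callers may filter on
const ID_RE = /^[A-Za-z0-9_-]{1,64}$/;

// Flagged pattern: fields of the Lambda event become part of the query text.
function buildQueryUnsafe(event) {
  const q = event.queryStringParameters || {};
  return {
    TableName: TABLE,
    KeyConditionExpression: "customerId = :c",
    FilterExpression: `${q.field} = :v`, // caller controls expression syntax
    ExpressionAttributeValues: { ":c": q.customerId, ":v": q.value },
  };
}

// Hardened form: validate type and shape, allowlist the attribute name, and keep
// the expression text constant so event input can only ever be data.
function buildQuerySafe(event) {
  const q = event.queryStringParameters || {};
  if (typeof q.customerId !== "string" || !ID_RE.test(q.customerId)) {
    throw new Error("invalid customerId");
  }
  if (typeof q.field !== "string" || !FILTERABLE.has(q.field)) {
    throw new Error("field not allowed");
  }
  if (typeof q.value !== "string" || q.value.length === 0 || q.value.length > 128) {
    throw new Error("invalid value");
  }
  return {
    TableName: TABLE,
    KeyConditionExpression: "#pk = :c",
    FilterExpression: "#f = :v",
    ExpressionAttributeNames: { "#pk": "customerId", "#f": q.field },
    ExpressionAttributeValues: { ":c": q.customerId, ":v": q.value },
  };
}

// Constructed sample events (not real traffic).
const benign = { queryStringParameters: { customerId: "c-1001", field: "orderStatus", value: "shipped" } };
const tampered = { queryStringParameters: { customerId: "c-1001", field: "orderStatus = :v OR region", value: "shipped" } };

// True when the hardened builder refuses the event.
function rejected(event) {
  try { buildQuerySafe(event); return false; } catch (e) { return true; }
}

console.log(buildQueryUnsafe(tampered).FilterExpression, rejected(tampered), rejected(benign));
```

With the tampered event, the unsafe builder emits a filter whose logic was written by the caller, while the hardened builder rejects the request before any parameters are produced.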
Impact
If exploited, an attacker could manipulate database queries to access, modify, or delete data they should not be able to reach, potentially exposing sensitive information or corrupting your database. This can lead to data breaches, data loss, or unauthorized actions within your AWS environment.