SYM_PY_0017 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') |
OWASP | A03:2021 - Injection |
Confidence Level | Low |
Impact Level | Medium |
Likelihood Level | Low |
Description
The code reads or writes global or local variables through `globals()` or `locals()` using a key that is computed at run time (for example, taken from user input) rather than a fixed string. Whoever controls the key can read or overwrite variables the code never intended to expose.
Impact
An attacker could execute arbitrary code or manipulate program behavior by controlling which variables are accessed or set, potentially leading to data leaks, privilege escalation, or full system compromise.
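
The pattern described above next to a hardened form, as an added example that is not part of the original rule page. The names `IS_ADMIN`, `set_option_unsafe`, `set_option_safe`, `ALLOWED_OPTIONS` and `settings` are hypothetical, and the "user" input is constructed.

```python
# Added example; every name here is hypothetical and the input is constructed.

IS_ADMIN = False  # module-level state that must never be caller-controlled


def set_option_unsafe(name, value):
    """Flagged pattern: a caller-supplied string is the key into globals()."""
    globals()[name] = value


# Hardened form: options live in a dedicated dict, and each permitted key
# has its own validator. Anything not listed is rejected.
ALLOWED_OPTIONS = {
    "page_size": lambda v: type(v) is int and 1 <= v <= 100,
    "theme": lambda v: v in ("light", "dark"),
}
settings = {"page_size": 20, "theme": "light"}


def set_option_safe(name, value):
    """Write only allow-listed keys, and only into the settings dict."""
    validator = ALLOWED_OPTIONS.get(name)
    if validator is None:
        raise KeyError(f"unknown option: {name!r}")
    if not validator(value):
        raise ValueError(f"invalid value for {name!r}: {value!r}")
    settings[name] = value


def demo():
    """Run both setters on the same constructed input and report the effect."""
    global IS_ADMIN
    results = {}
    set_option_unsafe("IS_ADMIN", True)  # key chosen by the caller
    results["unsafe_changed_is_admin"] = IS_ADMIN is True
    IS_ADMIN = False  # reset before exercising the hardened setter
    try:
        set_option_safe("IS_ADMIN", True)
        results["safe_rejected"] = False
    except KeyError:
        results["safe_rejected"] = True
    results["is_admin_after_safe"] = IS_ADMIN
    set_option_safe("page_size", 50)  # legitimate use still works
    results["page_size"] = settings["page_size"]
    return results


if __name__ == "__main__":
    print(demo())
```
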