SYM_PY_0026 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') |
OWASP | A03:2021 - Injection |
Confidence Level | Low |
Impact Level | High |
Likelihood Level | Low |
Description
The code passes dynamic or externally supplied data to `run_in_subinterp`, which can lead to execution of arbitrary Python code. This is unsafe whenever user input or other untrusted data can reach that argument.
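One way to check a code base for this pattern, as an added example that is not the rule's own implementation: a small AST scan that reports every call to `run_in_subinterp` whose argument is anything other than a plain string literal. The sample source is constructed for illustration and is only parsed, never executed; importing the function from `test.support` in that sample is an assumption.

```python
import ast

SINK = "run_in_subinterp"

# Constructed sample input (parsed only, never executed).
# Importing the sink from test.support is an assumption made for this sample.
SAMPLE = '''\
from test.support import run_in_subinterp
import test.support

def handler(request):
    run_in_subinterp(request.args["code"])
    run_in_subinterp("x = %s" % request.args["v"])
    run_in_subinterp(f"print({request.user!r})")
    test.support.run_in_subinterp("import sys")
'''


def _call_name(func):
    """Return the trailing name of a call target: f(...) or mod.f(...)."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None


def _is_str_literal(node):
    """True only for a bare string constant fixed at authoring time."""
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def find_dynamic_subinterp_calls(source):
    """Return sorted line numbers where the sink receives non-literal code."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or _call_name(node.func) != SINK:
            continue
        args = list(node.args) + [kw.value for kw in node.keywords]
        # Names, subscripts, f-strings, %-formatting, concatenation and calls
        # can all carry external data into the evaluated code string.
        if any(not _is_str_literal(arg) for arg in args):
            findings.append(node.lineno)
    return sorted(findings)


if __name__ == "__main__":
    for lineno in find_dynamic_subinterp_calls(SAMPLE):
        print(f"line {lineno}: non-literal code passed to {SINK}")
```

The scan is deliberately conservative: it also flags expressions built only from constants, so each finding needs a manual look at where the value originates.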
Impact
If exploited, an attacker could execute malicious Python code on the server, potentially gaining access to sensitive information, modifying data, or taking control of the system. This could lead to data breaches and full compromise of the application or host.