SYM_PY_0038 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') |
| OWASP | A03:2021 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
## Description

The code passes dynamic or external input to methods of Python's `code.InteractiveConsole` or `code.InteractiveInterpreter`, which compile and execute that input as Python. This is risky because untrusted data then controls what code runs.
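The following is an added example, not code from the Symbiotic database: the pattern this rule flags (external text handed to `InteractiveInterpreter.runsource`) beside a hardened replacement that parses the input as an expression and walks the AST, so only numeric literals and arithmetic ever execute. The `eval_with_console` and `safe_arith` names are assumptions for illustration.

```python
"""Added example for SYM_PY_0038 (not from the original page)."""
import ast
import code
import operator


def eval_with_console(expr: str, namespace: dict) -> None:
    """VULNERABLE: hands external input straight to InteractiveInterpreter.
    runsource() compiles and executes any Python statement, not just an
    expression, so the caller of this function decides what code runs."""
    interp = code.InteractiveInterpreter(locals=namespace)
    interp.runsource(expr)


# Only these operators are allowed in the hardened evaluator.
_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.USub: operator.neg,
}


def safe_arith(expr: str) -> float:
    """HARDENED: parse the input in 'eval' mode and evaluate the AST by hand.
    Names, attributes, calls, subscripts and any operator outside _OPS raise
    ValueError, so the input can never reach a builtin, an import or a file."""
    tree = ast.parse(expr, mode="eval")

    def walk(node: ast.AST) -> float:
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if isinstance(node, ast.Constant) and isinstance(node.value, (int, float)) \
                and not isinstance(node.value, bool):
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
            return _OPS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in _OPS:
            return _OPS[type(node.op)](walk(node.operand))
        raise ValueError(f"disallowed syntax: {type(node).__name__}")

    return walk(tree)
```

The vulnerable version accepts an assignment statement and executes it; the hardened version rejects anything that is not plain arithmetic, which is the behaviour a calculator-style feature actually needs.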
## Impact

If exploited, an attacker could execute malicious Python commands on your system, potentially leading to data theft, system compromise, or complete takeover of the application server. This could expose sensitive information and disrupt operations.