SYM_PY_0054 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
Spawning operating system processes with dynamic or externally influenced input can allow attackers to inject and execute malicious commands. This happens when functions like os.spawn* or os.posix_spawn* use variables that may contain untrusted data.
Impact
If exploited, an attacker could run arbitrary commands on your server, leading to data theft, data loss, or full system compromise. This could result in unauthorized access, disruption of service, or further attacks on your infrastructure.