SYM_PY_0063 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| Property | Value |
|---|---|
| Language | Python |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
The code runs shell commands through the asyncio subprocess functions with command arguments that are not constant strings. If any part of the command string is derived from user input or another external source, shell metacharacters in that input are interpreted by the shell, which leads to command injection.
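The following is an added example, not code from the Symbiotic database or from any project it scans. It places the pattern this entry describes (`asyncio.create_subprocess_shell` with a command string assembled from a non-constant value) beside the hardened form (`asyncio.create_subprocess_exec` with an argv list and no shell), plus an allow-list check applied before the value reaches either. The input value, the hostname regex and the function names are constructed for illustration; `sys.executable` is used as the child process so the example runs anywhere Python does, and the injected command is a harmless `echo` marker.

```python
import asyncio
import re
import sys

# Constructed example input (hypothetical, not from the page): a value that an
# attacker-controlled field might carry. The appended command is only a
# visible marker; it changes nothing on the host.
TAINTED_VALUE = "a; echo INJECTED"

# Allow-list for a hostname-like parameter: letters, digits, dot and dash only.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def validate_hostname(value: str) -> str:
    """Reject anything outside the allow-list before it reaches a subprocess."""
    if not HOSTNAME_RE.fullmatch(value):
        raise ValueError(f"rejected parameter: {value!r}")
    return value


async def _vulnerable(value: str) -> str:
    # The pattern the entry flags: create_subprocess_shell with a command
    # string built from a non-constant value. /bin/sh parses the whole string,
    # so ';' and similar metacharacters act as command separators.
    proc = await asyncio.create_subprocess_shell(
        f"echo {value}", stdout=asyncio.subprocess.PIPE
    )
    out, _ = await proc.communicate()
    return out.decode().rstrip("\n")


async def _hardened(value: str) -> str:
    # Fixed form: create_subprocess_exec with an argv list and no shell. The
    # child receives `value` as one literal argument; nothing interprets it.
    proc = await asyncio.create_subprocess_exec(
        sys.executable, "-c", "import sys; print(sys.argv[1])", value,
        stdout=asyncio.subprocess.PIPE,
    )
    out, _ = await proc.communicate()
    return out.decode().rstrip("\n")


def run_vulnerable(value: str) -> str:
    """Run the shell form and return the child's stdout (constructed helper)."""
    return asyncio.run(_vulnerable(value))


def run_hardened(value: str) -> str:
    """Run the exec form and return the child's stdout (constructed helper)."""
    return asyncio.run(_hardened(value))


if __name__ == "__main__":
    # Shell form: two commands run, output is 'a' then 'INJECTED' on separate lines.
    print("shell form :", repr(run_vulnerable(TAINTED_VALUE)))
    # Exec form: the whole string arrives as a single literal argument.
    print("exec form  :", repr(run_hardened(TAINTED_VALUE)))
    # Allow-list: the value never reaches a subprocess at all.
    try:
        validate_hostname(TAINTED_VALUE)
    except ValueError as exc:
        print("validation :", exc)
```

The detection signal for a reviewer is the combination of `create_subprocess_shell` (or `shell=True` elsewhere) with an f-string, `%` or `.format()` operand, or string concatenation in the command. The fix is to pass an argv list to `create_subprocess_exec`; if a shell is genuinely unavoidable, quote each dynamic piece with `shlex.quote` and still validate it against an allow-list first, as `validate_hostname` does above.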
Impact
If exploited, an attacker could execute arbitrary system commands with the application's privileges. This could result in data theft, system compromise, or complete takeover of the server, putting sensitive data and infrastructure at risk.