SYM_PY_0111 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
| Property | Value |
|---|---|
| Language | Python |
| Severity | |
| CWE | CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') |
| OWASP | A03:2021 - Injection |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
Your code passes data that originates outside the program, such as a function argument, an HTTP parameter, or the payload of an event, to `eval` or `exec`. Both built-ins run whatever string they receive as Python code, so any untrusted data that reaches them lets the sender control what your process executes. Restricting the `globals`/`locals` dictionaries (for example, passing an empty `__builtins__`) is not a reliable fix, since the interpreter's object model can still be reached from ordinary literals. Use `ast.literal_eval` when you only need to parse data literals, a dispatch table when input should select a behaviour, or a purpose-built parser that accepts only the grammar you intend to support.
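The following added example (not code from the Symbiotic-Vulnerability-Database project) shows the vulnerable pattern next to a hardened replacement. It assumes a handler that receives an arithmetic expression inside an event dictionary; the event contents and the function names are constructed for illustration. The unsafe handler hands the string to `eval` and therefore runs an attacker's call, while the safe handler parses the string with `ast` and evaluates only numeric constants and arithmetic operators, rejecting everything else.

```python
import ast
import operator

# Constructed sample events (illustrative, not taken from the page).
BENIGN_EVENT = {"expression": "2 * (3 + 4)"}
MALICIOUS_EVENT = {"expression": "__import__('os').getcwd()"}


def handle_event_unsafe(event):
    """Vulnerable: the string from the event is executed as Python code.
    With MALICIOUS_EVENT this imports os and calls a function of the
    attacker's choosing."""
    return eval(event["expression"])


# Hardened replacement: an allow-list of AST node types and operators.
_BINARY_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.Mod: operator.mod,
    ast.Pow: operator.pow,
}
_UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
_MAX_EXPONENT = 64  # keeps "9 ** 999999999" from burning CPU/memory


def _eval_node(node):
    """Recursively evaluate a node, raising ValueError on anything that is
    not a number or an arithmetic operator (names, calls, attributes...)."""
    if isinstance(node, ast.Constant):
        if isinstance(node.value, (int, float)) and not isinstance(node.value, bool):
            return node.value
        raise ValueError(f"disallowed constant: {node.value!r}")
    if isinstance(node, ast.BinOp) and type(node.op) in _BINARY_OPS:
        left = _eval_node(node.left)
        right = _eval_node(node.right)
        if isinstance(node.op, ast.Pow) and abs(right) > _MAX_EXPONENT:
            raise ValueError("exponent too large")
        return _BINARY_OPS[type(node.op)](left, right)
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand))
    raise ValueError(f"disallowed syntax: {type(node).__name__}")


def safe_arith(expression, max_len=200):
    """Evaluate a user-supplied arithmetic expression without eval()."""
    if len(expression) > max_len:
        raise ValueError("expression too long")
    tree = ast.parse(expression, mode="eval")  # SyntaxError on garbage
    return _eval_node(tree.body)


def handle_event_safe(event):
    """Safe counterpart of handle_event_unsafe."""
    return safe_arith(event["expression"])


def is_rejected(expression):
    """True if the hardened evaluator refuses the expression."""
    try:
        safe_arith(expression)
    except (ValueError, SyntaxError):
        return True
    return False


if __name__ == "__main__":
    print("safe:", handle_event_safe(BENIGN_EVENT))          # 14
    print("rejects attack:", is_rejected(MALICIOUS_EVENT["expression"]))
    print("unsafe runs attacker code:", handle_event_unsafe(MALICIOUS_EVENT))
```

The allow-list is deliberately narrow: a name, attribute access, call, subscript, comprehension, or string literal never reaches the interpreter, so the well-known escapes through `__class__`, `__subclasses__` and `__import__` have no node to attach to. Extend the table only with operators you actually need.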
Impact
If exploited, an attacker can run arbitrary Python code with the privileges of the process that called `eval` or `exec`: reading or modifying data the application can reach, crashing or hijacking the service, or pivoting to the host and the rest of the environment. Because the payload is ordinary Python, there is no practical limit on what it can do once it executes, so this typically amounts to a complete compromise of the affected component.