SYM_RB_0013 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Control of Generation of Code ('Code Injection')
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-94: Improper Control of Generation of Code ('Code Injection') |
| OWASP | A03:2021 - Injection |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Checks for unsafe use of Object#send, try, send, and public_send. These only account for unsafe use of a method, not target. This can lead to arbitrary calling of exit, along with arbitrary code execution. Please be sure to sanitize input in order to avoid this.