SYM_RS_0007 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Reliance on Untrusted Inputs in a Security Decision
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-807: Reliance on Untrusted Inputs in a Security Decision |
| Confidence Level | High |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Relying on std::env::args_os() for security decisions is unsafe because command-line arguments can be modified or spoofed by users. The first argument, often assumed to be the executable path, can contain arbitrary content and should not be trusted.
Impact
If your application uses args_os for authentication, authorization, or other security checks, attackers could manipulate process arguments to bypass protections or mislead the application, potentially leading to unauthorized access or incorrect behavior.