SYM_RS_0009 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Reliance on Untrusted Inputs in a Security Decision
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-807: Reliance on Untrusted Inputs in a Security Decision |
Confidence Level | High |
Impact Level | Low |
Likelihood Level | Low |
Description
Using std::env::current_exe() for security decisions is unsafe because its output can be manipulated by users. This means the path it returns should not be trusted for authentication, authorization, or other sensitive checks.
Impact
If an attacker can control or spoof the value returned by current_exe(), they could bypass security checks or trick the application into unsafe behavior. This could lead to unauthorized access or execution of malicious code under certain conditions.
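The flagged pattern next to one hardened alternative, as an added example that is not taken from the wiki or the rule's own test cases. The helper name and the `/opt/acme/libexec` install path are hypothetical, and the ownership check assumes a Unix target.

```rust
use std::env;
use std::fs;
use std::io;
use std::os::unix::fs::MetadataExt;
use std::path::{Path, PathBuf};

// Hypothetical fixed install location of a helper binary (assumption).
const HELPER: &str = "/opt/acme/libexec/acme-helper";

/// Flagged pattern: the helper location is derived from the running
/// executable's path, so whoever influences that path decides what runs.
fn helper_from_exe(exe: &Path) -> Option<PathBuf> {
    exe.parent().map(|dir| dir.join("acme-helper"))
}

/// VULNERABLE: feeds current_exe() straight into the decision.
fn helper_vulnerable() -> io::Result<Option<PathBuf>> {
    Ok(helper_from_exe(&env::current_exe()?))
}

/// Acceptable only if root owns the file and neither group nor
/// others have write permission on it.
fn owner_and_mode_ok(uid: u32, mode: u32) -> bool {
    uid == 0 && mode & 0o022 == 0
}

/// Hardened: use a fixed absolute path and check properties the OS
/// enforces. The parent directories must be locked down the same way,
/// otherwise the file can still be swapped after this check.
fn helper_hardened() -> io::Result<PathBuf> {
    let meta = fs::metadata(HELPER)?;
    if meta.is_file() && owner_and_mode_ok(meta.uid(), meta.mode()) {
        Ok(PathBuf::from(HELPER))
    } else {
        Err(io::Error::new(io::ErrorKind::PermissionDenied, "helper not trusted"))
    }
}

fn main() {
    println!("vulnerable: {:?}", helper_vulnerable());
    println!("hardened:   {:?}", helper_hardened());
}
```
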