SYM_SH_0001 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
| Property | Value |
|---|---|
| Language | bash |
| Severity | |
| CWE | CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') |
| OWASP | A03:2021 - Injection |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code takes data fetched by a curl command and runs it using eval. This means any code returned from the server will be executed, making your script vulnerable if the server is compromised or malicious.
Impact
An attacker who can control the server’s response could execute arbitrary commands on your system, potentially leading to full system compromise, data theft, or malware installation. This could impact the integrity and security of your environment and expose sensitive data or systems to attackers.
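One way to replace the flagged pattern, as an added example that is not part of the original rule page or the project's own code: save the response to a file, compare its SHA-256 against a digest pinned in the calling script, and only then run it in a child shell. The function names, the placeholder URL and the existence of a known-good digest are assumptions, and the demo uses a constructed local file in place of a real download.

```shell
#!/usr/bin/env bash
# Flagged pattern (shown only as a comment; placeholder URL):
#   eval "$(curl -s https://example.invalid/setup.sh)"

# fetch_to_file URL DEST: download over HTTPS only; nothing is executed here.
fetch_to_file() {
    curl --fail --silent --show-error --proto '=https' --output "$2" "$1"
}

# sha256_of FILE: print the hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# run_if_pinned FILE EXPECTED: run FILE in a child bash only when its digest
# equals EXPECTED, a value pinned in the calling script ahead of time.
# Returns 1 without executing anything on a mismatch.
run_if_pinned() (
    actual=$(sha256_of "$1") || exit 2
    if [ "$actual" != "$2" ]; then
        echo "refusing to run $1: sha256 $actual does not match pin" >&2
        exit 1
    fi
    bash "$1"
)

# Constructed offline demo: a local file stands in for the downloaded response.
demo() (
    dir=$(mktemp -d) || exit 2
    trap 'rm -rf "$dir"' EXIT
    printf 'echo "setup ran"\n' > "$dir/setup.sh"
    pin=$(sha256_of "$dir/setup.sh")   # in practice: a literal in your script
    run_if_pinned "$dir/setup.sh" "$pin" || exit 1
    # Simulate the server returning different content than was pinned.
    printf 'echo "extra line added by server"\n' >> "$dir/setup.sh"
    if run_if_pinned "$dir/setup.sh" "$pin"; then exit 1; fi
    echo "modified response rejected"
)
demo
```

The check only helps if the pinned digest reaches the script through a channel the server cannot change, such as a literal committed alongside the script.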