SYM_SH_0003 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Input Validation
Property | Value |
---|---|
Language | bash |
Severity | |
CWE | CWE-20: Improper Input Validation |
OWASP | A03:2021 - Injection |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
Setting the IFS (Internal Field Separator) variable globally in Bash scripts can change how input is split, potentially leading to unexpected behavior or security issues. This can cause scripts to incorrectly parse user input or files, especially when expanding unquoted variables.
Impact
If an attacker can influence input or the environment, they may exploit the altered IFS setting to inject unexpected values or commands, possibly bypassing intended input checks or causing code execution. This can lead to data corruption, privilege escalation, or script malfunction.
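The word-splitting effect described above, shown as an added shell example (not part of the original wiki page or the rule's own code). The `record` and `label` values and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data: a colon-separated record, and a single value
# that legitimately contains the separator character.
record='alice:1000:/home/alice'
label='backup:2024-01-01'

# Helper: report how many arguments the shell actually passed.
count_args() { echo "$#"; }

# Pattern the rule flags: IFS is reassigned for the rest of the script.
# (The function body is a subshell so the demo does not alter the caller.)
global_ifs() (
    IFS=:
    set -- $record                  # intended: split the record into fields
    fields=$#
    # Unrelated later code: this unquoted expansion is now split on ':' too,
    # so one value arrives as two arguments.
    later=$(count_args $label)
    echo "fields=$fields later_args=$later"
)

# Scoped alternative: the assignment prefix applies to this `read` only,
# and later expansions are quoted so IFS never affects them.
scoped_ifs() (
    saved=$IFS
    IFS=: read -r user uid home <<EOF
$record
EOF
    later=$(count_args "$label")
    if [ "$IFS" = "$saved" ]; then unchanged=yes; else unchanged=no; fi
    echo "user=$user uid=$uid home=$home later_args=$later ifs_unchanged=$unchanged"
)

global_ifs
scoped_ifs
```

In `global_ifs` the parse itself works as intended; the problem only appears in the later, unrelated expansion, which is why the global assignment is easy to miss in review.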