curl-pipe-bash
bash
from a curl
command. An attacker with control of the server in the curl
command could inject malicious code into the pipe, resulting in a system compromise. Avoid piping untrusted data into bash
or any other shell if you can. If you must do this, consider checking the SHA sum of the content returned by the server to verify its integrity.curl-eval
curl
command. An attacker with control of the server in the curl
command could inject malicious code into the eval
, resulting in a system comrpomise. Avoid eval’ing untrusted data if you can. If you must do this, consider checking the SHA sum of the content returned by the server to verify its integrity.