rce-code
rce-code
Untrusted input might be injected into a evaluation statement executed by the application, which can lead to a remote code execution. An attacker can execute arbitrary Elixir code, potentially gaining complete control of the system. To prevent this vulnerability, avoid evaluating Elixir code with user input through the
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-94: Improper Control of Generation of Code (‘Code Injection’)
OWASP:
- A03:2021 - Injection
Code.eval_* functions. If this is unavoidable, validate and sanitize the input, and use safe methods for executing the commands.Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-94: Improper Control of Generation of Code (‘Code Injection’)
OWASP:
- A03:2021 - Injection