Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Lang
- Best practice
- Correctness
- Correctness
- Security
- Command-injection
- Rce-code
- Rce-eex
- Sql-injection
- Traversal-file
- Traversal-send-download
- Traversal-send-file
- Unsafe-atom-interpolation
- Unsafe-binary-to-term
- Xss-content-type
- Xss-controller-html
- Xss-raw
- Phoenix
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml
Rce-eex
Rce eex
Untrusted input might be injected into a evaluation statement executed by the application, which can lead to a remote code execution. An attacker can execute arbitrary Elixir code, potentially gaining complete control of the system. To prevent this vulnerability, avoid evaluating Elixir code with user input through the EEx.eval_*
functions. If this is unavoidable, validate and sanitize the input, and use safe methods for executing the commands.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-94: Improper Control of Generation of Code (‘Code Injection’)
OWASP:
- A03:2021 - Injection