unsafe-binary-to-term
Untrusted input might be injected into the Erlang function binary_to_term, which can lead to remote code execution or memory exhaustion. To prevent this vulnerability, replace the call with the Plug.Crypto.non_executable_binary_to_term function.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-94: Improper Control of Generation of Code (‘Code Injection’)
OWASP:
- A03:2021 - Injection
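The flagged pattern beside its hardened form, as an added example that is not part of the rule's own documentation. It assumes the plug_crypto package is a project dependency; the module name SessionCodec, its function names, the size limit and the sample inputs are hypothetical and constructed for illustration.

```elixir
# Added example. Assumes :plug_crypto is listed in the project's deps.
# SessionCodec and its function names are hypothetical.
defmodule SessionCodec do
  # Constructed limit on accepted input size; tune per application.
  @max_bytes 64 * 1024

  # Pattern the rule flags: decodes whatever bytes the caller supplies,
  # including terms that carry functions, and may create new atoms.
  def decode_unsafe(payload) when is_binary(payload) do
    :erlang.binary_to_term(payload)
  end

  # Hardened form: bound the input size, refuse new atoms via :safe,
  # and let Plug.Crypto reject any term that contains a function.
  def decode_safe(payload)
      when is_binary(payload) and byte_size(payload) <= @max_bytes do
    {:ok, Plug.Crypto.non_executable_binary_to_term(payload, [:safe])}
  rescue
    # Raised for malformed input, unknown atoms, and executable terms.
    ArgumentError -> {:error, :invalid_payload}
  end

  def decode_safe(_other), do: {:error, :invalid_payload}
end

# Constructed sample inputs.
plain = :erlang.term_to_binary(%{user_id: 42, role: "viewer"})
with_fun = :erlang.term_to_binary(%{callback: fn -> :ok end})
malformed = <<131, 0>>

# Plain data decodes; a term carrying a function or malformed bytes do not.
{:ok, %{user_id: 42, role: "viewer"}} = SessionCodec.decode_safe(plain)
{:error, :invalid_payload} = SessionCodec.decode_safe(with_fun)
{:error, :invalid_payload} = SessionCodec.decode_safe(malformed)
```

The byte limit only bounds the encoded input, so callers that accept compressed external term format should still treat decoded size as untrusted.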