Tainted-code-injection-from-http-request
Tainted code injection from http request
tainted-code-injection-from-http-request
tainted-code-injection-from-http-request
Passing unsanitized user input to a Script Engine or other means of dynamic code evaluation is unsafe. This could lead to code injection with data leakage or arbitrary code execution as a result. Avoid this, or use proper sandboxing if user code evaluation is intended.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
OWASP:
- A03:2021 - Injection