Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Generic
- Java-jwt
- Jedis
- Jjwt
- Ktor
- Lang
- Mongo
- Okhttp
- Openai
- Spring
- Cookie-serializer-secure-false
- Exposed-exec-sqli
- Hibernate-sqli
- Jdbctemplate-sqli
- Kmongo-nosqli
- Mongo-driver-nosqli
- Prepare-statetment-sqli
- Scripting-host-eval
- Spring-data-mongo-nosqli
- Tainted-ssrf-spring-add
- Tainted-ssrf-spring-format
- Tainted-system-command
- Sql
- Xxe
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml
Scripting-host-eval
Scripting host eval
The application might dynamically evaluate untrusted input, which can lead to a code injection vulnerability. An attacker can execute arbitrary code, potentially gaining complete control of the system. To prevent this vulnerability, avoid executing code containing user input. If this is unavoidable, validate and sanitize the input, and use safe alternatives for evaluating user input.
Likelihood: HIGH
Confidence: HIGH
CWE:
- CWE-94: Improper Control of Generation of Code (‘Code Injection’)
OWASP:
- A03:2021 - Injection