Found user data in a call to ‘eval’. This is extremely dangerous because it can enable an attacker to execute remote code. See https://owasp.org/www-community/attacks/Code_Injection for more information.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
OWASP:
- A03:2021 - Injection
user-exec
Found user data in a call to ‘exec’. This is extremely dangerous because it can enable an attacker to execute arbitrary remote code on the system. Instead, refactor your code to not use ‘eval’ and instead use a safe library for the specific functionality you need.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
OWASP:
- A03:2021 - Injection
user-exec-format-string
Found user data in a call to ‘exec’. This is extremely dangerous because it can enable an attacker to execute arbitrary remote code on the system. Instead, refactor your code to not use ‘eval’ and instead use a safe library for the specific functionality you need.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
OWASP:
- A03:2021 - Injection
globals-misuse-code-execution
Found request data as an index to ‘globals()’. This is extremely dangerous because it allows an attacker to execute arbitrary code on the system. Refactor your code not to use ‘globals()’.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-96: Improper Neutralization of Directives in Statically Saved Code (‘Static Code Injection’)
OWASP:
- A03:2021 - Injection
user-eval
Found user data in a call to ‘eval’. This is extremely dangerous because it can enable an attacker to execute arbitrary remote code on the system. Instead, refactor your code to not use ‘eval’ and instead use a safe library for the specific functionality you need.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
OWASP:
- A03:2021 - Injection