Detected string concatenation or formatting in a call to a command via ‘sh’. This could be a command injection vulnerability if the data is user-controlled. Instead, use a list and append the argument. Likelihood: LOW Confidence: LOW CWE: - CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
OWASP: - A01:2017 - Injection
- A03:2021 - Injection