Sh
Security
string-concat
string-concat
Detected string concatenation or formatting in a call to a command via ‘sh’. This could be a command injection vulnerability if the data is user-controlled. Instead, use a list and append the argument.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection