argo-workflow-parameter-command-injection
argo-workflow-parameter-command-injection
Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
- CWE-94: Improper Control of Generation of Code (‘Code Injection’)
OWASP:
- A03:2021 – Injection
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
- CWE-94: Improper Control of Generation of Code (‘Code Injection’)
OWASP:
- A03:2021 – Injection