You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Command_Injection issue exists @ dsvw.py in branch main
The application's do_GET method calls an OS (shell) command with envs, at line 57 of /dsvw.py, using an untrusted string with the command to execute.
This could allow an attacker to inject an arbitrary command, and enable a Command Injection attack.
The attacker may be able to inject the executed command via user input, get, which is retrieved by the application in the do_GET method, at line 56 of /dsvw.py.
Command_Injection issue exists @ dsvw.py in branch main
The application's do_GET method calls an OS (shell) command with envs, at line 57 of /dsvw.py, using an untrusted string with the command to execute.
This could allow an attacker to inject an arbitrary command, and enable a Command Injection attack.
The attacker may be able to inject the executed command via user input, get, which is retrieved by the application in the do_GET method, at line 56 of /dsvw.py.
Namespace: pedrompflopes
Repository: small-project
Repository Url: https://github.com/pedrompflopes/small-project
CxAST-Project: pedrompflopes/small-project
CxAST platform scan: c8ffe959-aafe-486d-a7e7-1ba92f6aee49
Branch: main
Application: small-project
Severity: HIGH
State: TO_VERIFY
Status: RECURRENT
CWE: 77
Lines: 56
References
Read more
The text was updated successfully, but these errors were encountered: