DerScanner
Home / Vulnerability Database / Groovy : Executing commands or loading libraries from an untrusted source
Groovy

Groovy : Executing commands or loading libraries from an untrusted source

Classification

OWASP Top 10 2013
A1-Injection
OWASP Top 10 2017
A1-Injection
OWASP Top 10 2021
A3-InjectionA8-Software and Data Integrity Failures
OWASP MASVS
V7: 7.5.(L1/L2/L1+R/L2+R)
OWASP ASVS
Malicious Code
PCI DSS 4.0
6.2.4
CWE
CWE-114CWE-494CWE-1027
CWE/SANS Top 25 2011
CWE-494

Overview

Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute attacker’s malicious commands (and payloads) on behalf of a victim.

References

  1. OWASP: Process Control
  2. CWE-114: Process Control
  3. OWASP Top 10 2017-A1-Injection
  4. CWE CATEGORY: OWASP Top Ten 2017 Category A1 - Injection
MEDIUM

DerScanner Severity Score

Do you want to fix Groovy : Executing commands or loading libraries from an untrusted source in your application?

See also

Groovy

Groovy : Weak hashing algorithm

Groovy

Groovy : Hardcoded salt

Groovy

Groovy : Unsafe padding