Python : Injection code

Classification

OWASP Top 10 2013

A1-Injection

OWASP Top 10 2017

A1-Injection

OWASP Top 10 2021

A3-Injection A8-Software and Data Integrity Failures

OWASP ASVS

Validation, Sanitization and Encoding Validation, Sanitization and Encoding Validation, Sanitization and Encoding Validation, Sanitization and Encoding

PCI DSS 4.0

6.2.4

CWE

CWE-94 CWE-95 CWE-829 CWE-830 CWE-1027

CWE/SANS Top 25 2011

CWE-829

Overview

Python is a particularly interesting tool for attackers due to its prevalence on server and developer machines, its ability to execute (exec) arbitrary code provided as data (as opposed to native binaries), and its complete lack of internal auditing.

References

The exec statement
CWE CATEGORY: OWASP Top Ten 2017 Category A1 - Injection
CWE-829
CWE-94
CWE-95

MEDIUM

Python : Injection code

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Python : Injection code in your application?

See also

Python : Debug mode on

Python : Web3: Deprecated method

Python : Unsafe padding