You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If any of the variables going systemcall can be controlled by an attacker, then this is a command injection vulnerability.
Either way, I would resolve needless(?) shell=True here and build a list to call that command, not a flat string.
Thanks, Sebastian
The text was updated successfully, but these errors were encountered:
Hi!
I found this code:
pypeek/src/pypeek/main.py
Lines 1049 to 1058 in ac94d6a
If any of the variables going
systemcall
can be controlled by an attacker, then this is a command injection vulnerability.Either way, I would resolve needless(?)
shell=True
here and build a list to call that command, not a flat string.Thanks, Sebastian
The text was updated successfully, but these errors were encountered: