Code_Injection @ /dsvw.py

**Code\_Injection** issue exists @ **dsvw.py** in branch **main**

The application's do_GET method receives and dynamically executes user-controlled code using exec, at line 57 of /dsvw.py. This could enable an attacker to inject and run arbitrary code.

The attacker can inject the executed code via user input, get, which is retrieved by the application in the do_GET method, at line 56 of /dsvw.py.

**Namespace:** pedrompflopes
**Repository:** small-project
**Repository Url:** https://github.com/pedrompflopes/small-project
**CxAST\-Project:** pedrompflopes/small-project
**CxAST platform scan:** [c8ffe959\-aafe\-486d\-a7e7\-1ba92f6aee49](https://rc.dev.cxast.net/projects/67f6816c-b694-486c-9962-3e11e1ab95bf/scans?id=c8ffe959-aafe-486d-a7e7-1ba92f6aee49&branch=main)
**Branch:** main
**Application:** small-project
**Severity:** HIGH
**State:** TO_VERIFY
**Status:** RECURRENT
**CWE:** 94
**Lines:** [56](https://github.com/pedrompflopes/small-project/blob/main/dsvw.py#L56) 

----
**References**
[Read more](https://rc.dev.cxast.net/results/c8ffe959-aafe-486d-a7e7-1ba92f6aee49/67f6816c-b694-486c-9962-3e11e1ab95bf/sast/description/94/13646819717326216658)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Code_Injection @ /dsvw.py #25

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Code_Injection @ /dsvw.py #25

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions