Code Injection Critical

Passing unsanitized external input directly to functions that execute system commands, such as exec.Command or syscall.Exec, enables arbitrary code execution: malicious input can inject code that runs unintended system commands. Input passed to command execution requires strict validation and sanitization. Use whitelists, escaping, or higher-level libraries that sanitize inputs.
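The flagged pattern beside a validated form, as an added example that is not part of the detector's own documentation. The function names, the `nslookup` command, and the sample inputs are assumptions chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"regexp"
)

// hostPattern is an allowlist: dot-separated labels of letters, digits and
// hyphens, each starting with a letter or digit. Spaces, shell
// metacharacters and a leading "-" (option injection) never match.
var hostPattern = regexp.MustCompile(
	`^[A-Za-z0-9][A-Za-z0-9-]{0,62}(\.[A-Za-z0-9][A-Za-z0-9-]{0,62})*$`)

// ErrInvalidHost is returned when input fails the allowlist.
var ErrInvalidHost = errors.New("host rejected by allowlist")

// unsafeLookupCmd shows the noncompliant pattern: external input is
// concatenated into a string that a shell parses, so metacharacters in
// host become shell syntax. The command is only built here, not run.
func unsafeLookupCmd(host string) *exec.Cmd {
	return exec.Command("sh", "-c", "nslookup "+host)
}

// safeLookupCmd validates the input first, then passes it as one argv
// element with no shell in between, so it is never parsed as syntax.
func safeLookupCmd(host string) (*exec.Cmd, error) {
	if len(host) > 253 || !hostPattern.MatchString(host) {
		return nil, ErrInvalidHost
	}
	return exec.Command("nslookup", host), nil
}

func main() {
	// Constructed sample inputs: one well-formed, one carrying shell syntax.
	for _, h := range []string{"example.com", "example.com; echo injected"} {
		cmd, err := safeLookupCmd(h)
		if err != nil {
			fmt.Printf("%q: %v\n", h, err)
			continue
		}
		fmt.Printf("%q: argv=%q\n", h, cmd.Args)
	}
}
```

Validation and shell-free invocation are independent controls here: the allowlist rejects hostile input early, and the separate argv element keeps any input that does pass from being interpreted by a shell.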

Detector ID
go/code-injection@v1.0
Category
Common Weakness Enumeration (CWE)