CVE-2024-56331: Powershell Command Injection Via Template
Double quotes or unquoted variables injected into a PowerShell command string can lead to command injection. PowerShell evaluates subexpressions like `$(...)` inside double quotes. Ensure that user input is properly escaped (e.g., doubling single quotes) and wrapped in single quotes within the PowerShell command.
greprules fetch cve-2024-56331-powershell-command-injection-via-template --engine opengrepDescription
Double quotes or unquoted variables injected into a PowerShell command string can lead to command injection. PowerShell evaluates subexpressions like `$(...)` inside double quotes. Ensure that user input is properly escaped (e.g., doubling single quotes) and wrapped in single quotes within the PowerShell command.
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.