CVE-2025-5273: Exec Shell Command Injection
Constructing shell commands using string interpolation or concatenation and executing them via `exec` can lead to command injection if variables contain unsanitized user input. Prefer `execFile` where arguments are passed as an array to bypass shell interpretation entirely.
Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | JS
greprules fetch cve-2025-5273-exec-shell-command-injection --engine opengrep