CVE-2026-30351: Skipped Project Specific Command Execution

A user-controlled property named 'command' is passed to a generic execution method (e.g., .start(), .run()). This could indicate command injection if the underlying method acts as an OS command execution wrapper. (Ruleability: Skip)

Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0python

greprules fetch cve-2026-30351-skipped-project-specific-command-execution --engine opengrep

Description

A user-controlled property named 'command' is passed to a generic execution method (e.g., .start(), .run()). This could indicate command injection if the underlying method acts as an OS command execution wrapper. (Ruleability: Skip)

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Trust signals: 109 downloads
0 direct109 via packs
· 0 stars · Trust score 53How trust works
Included packs: 2 packs

Community feedback

Sign in to report false positives, mark this rule useful, or suggest metadata improvements.

Mark useful Report false positive Suggest metadata