rewrite @description of second-order-command-injection

2026-04-28 02:05:14 +02:00 · 2022-11-03 14:00:29 +01:00
parent 6f3ca40fed
commit b5666888b1
1 changed files with 2 additions and 2 deletions
--- a/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.ql
+++ b/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.ql
@@ -1,7 +1,7 @@
 /**
 * @name Second order command injection
- * @description Some shell programs allow arbitrary command execution via their command line arguments.
- *              This is a second order command injection vulnerability.
+ * @description Using user controlled data as arguments to some commands, such as git clone,
+ *              can allow arbitrary commands to be executed.
 * @kind path-problem
 * @problem.severity error
 * @security-severity 7.0