...
This is a specific instance of rule IDS01-J. Sanitize untrusted data passed across a trust boundary. Any string data that originates from outside the program's trust boundary must be sanitized before being executed as a command on the current platform.
...
A weakness in a privileged program caused by relying on untrusted sources such as system properties or the environment (see rule ENV06-J. Provide a trusted environment and sanitize all inputs) can result in the execution of a command or of a program that has privileges beyond those possessed by a typical user.
...
Because Runtime.exec() receives unsanitized data originating from the environment (see rule ENV06-J. Provide a trusted environment and sanitize all inputs), this code is susceptible to a command injection attack.
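The pattern described above, as an added illustration that is not the code from the original page: a value read from a system property reaches a shell unsanitized, shown beside two hardened forms. The class name, the property name "dir", the allowlist and the use of ls on a POSIX system are assumptions made for this example.

```java
import java.io.File;
import java.io.IOException;
import java.util.regex.Pattern;

public class DirListing {
    // Assumption for this example: the directory arrives in the "dir" system property.
    private static final String PROP = "dir";
    // Allowlist of characters accepted in the value; everything else is rejected.
    // '-' is excluded, so the value can never be read by ls as an option.
    private static final Pattern SAFE = Pattern.compile("[0-9A-Za-z._/]+");

    // Vulnerable form: the property is concatenated into a string that sh parses,
    // so shell metacharacters in the value become part of the command line.
    static Process listUnsafe() throws IOException {
        String dir = System.getProperty(PROP);
        return Runtime.getRuntime().exec(new String[] {"sh", "-c", "ls " + dir});
    }

    // Hardened form 1: validate against the allowlist, then start ls directly
    // (no shell), passing the value as a single argument after "--".
    static Process listValidated() throws IOException {
        String dir = System.getProperty(PROP);
        if (dir == null || !SAFE.matcher(dir).matches()) {
            throw new IllegalArgumentException("rejected value of property " + PROP);
        }
        return new ProcessBuilder("ls", "--", dir).redirectErrorStream(true).start();
    }

    // Hardened form 2: no external process at all; the Java API lists the directory.
    static String[] listNoExec() {
        String dir = System.getProperty(PROP);
        String[] names = (dir == null) ? null : new File(dir).list();
        return (names == null) ? new String[0] : names;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value: the JVM's temporary directory.
        System.setProperty(PROP, System.getProperty("java.io.tmpdir"));
        for (String name : listNoExec()) System.out.println(name);
        Process p = listValidated();
        System.out.write(p.getInputStream().readAllBytes()); // requires Java 9+
        System.out.flush();
        p.waitFor();
    }
}
```

The allowlist addresses only command injection; which directories a caller may list is a separate access-control decision.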
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
...