...
CVE-2010-0886 | |
CVE-2010-1826 | Command injection in |
T-472 | Mac OS X Java Command Injection Flaw in |
Related Guidelines
ENV03-C. Sanitize the environment when invoking external programs | |
| ENV04-C. Do not call system() if you do not need a command processor |
ENV03-CPP. Sanitize the environment when invoking external programs | |
CERT Perl Secure Coding Standard | IDS34-PL. Do not pass untrusted, unsanitized data to a command interpreter |
Injection [RST] | |
CWE-78, Improper neutralization of special elements used in an OS command ("OS command injection") |
Android Implementation Details
Runtime.exec() can be called from Android apps to execute operating system commands.
...