Code injection is caused as a result of malicious user untrusted input being injected into dynamically constructed code. The javax.script package provides utilities to use various scripting engines from Java code. If misused, an attacker can execute arbitrary code on the target system. These kinds of errors are dangerous because any violations of secure coding practices in dynamically generated code cannot be statically determined.
...
In addition, a complementary policy is to create a secure sandbox using a security manager (ENV02-J. Create a secure sandbox using a Security Manager). This approach is akin to the one discussed in the first compliant solution of IDS10-J. Prevent XML external entity attacks. The application should not allow the script to execute arbitrary commands such as, for querying the local file system. The two-argument form of doPrivileged() can be used to lower privileges when the application must operate with higher privileges but the scripting engine must not. The RestrictedAccessControlContext strips the permissions granted in the default policy file by not granting the same permissions to the newly created protection domain. The effective permissions are the intersection of the permissions of the newly created protection domain and the system wide security policy. Refer to the guideline SEC00-J. Follow the principle of least privilege for more details on the two-argument form.
...
Risk Assessment
Failing to prevent against code injection can result in the execution of arbitrary code.
...