
CISA urges devs to weed out OS command injection vulnerabilities
2024-07-10 18:02

CISA and the FBI urged software companies on Wednesday to review their products and eliminate OS command injection vulnerabilities before shipping.

"OS command injection vulnerabilities arise when manufacturers fail to properly validate and sanitize user input when constructing commands to execute on the underlying OS," today's joint advisory explains.

"OS command injection vulnerabilities have long been preventable by clearly separating user input from the contents of a command. Despite this finding, OS command injection vulnerabilities, many of which result from CWE-78, are still a prevalent class of vulnerability," CISA and the FBI added.
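The advisory's two points, that the bug comes from building a command string out of unvalidated input and that it is avoided by keeping user input separate from the command itself, are illustrated by the following added example. It is not code from the article or from CISA; the helper names, the host-name allowlist and the sample inputs are constructed for this illustration.

```python
"""
Vulnerable CWE-78 pattern (string interpolation into a shell command) next
to the hardened form (fixed argument vector plus strict input validation).
All names here are hypothetical helpers written for this illustration.
"""
import re
import subprocess

# Characters that a POSIX shell treats specially; their presence in an
# interpolated string is the tell-tale sign of an injection primitive.
_SHELL_METACHARS = set(";|&$`<>()\n")

# Allowlist for a plain DNS host name (assumption: the command needs nothing
# else).  A leading hyphen is rejected so the value can never be parsed as an
# option by the target program (argument injection, a related pitfall).
_HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$")


def build_unsafe(host: str) -> str:
    """The vulnerable pattern: user input pasted into a shell string.
    Anything this returns would be run via shell=True, so the shell, not the
    program, decides where the command ends and the data begins."""
    return f"ping -c 1 {host}"


def has_shell_metachar(cmd: str) -> bool:
    """Detection helper: does the assembled string contain shell syntax?"""
    return any(ch in _SHELL_METACHARS for ch in cmd)


def validate_host(host: str) -> str:
    """Reject any value that is not a plain host name; return it unchanged."""
    if not _HOST_RE.fullmatch(host):
        raise ValueError(f"invalid host name: {host!r}")
    return host


def build_safe(host: str) -> list[str]:
    """Hardened pattern: the program and its fixed flags are code, the
    validated host is one argv element.  No shell is ever involved."""
    return ["ping", "-c", "1", validate_host(host)]


def run_safe(host: str, timeout: float = 5.0) -> subprocess.CompletedProcess:
    """Execute the argv list directly (shell=False is the default)."""
    return subprocess.run(build_safe(host), capture_output=True,
                          text=True, timeout=timeout, check=False)


def echo_literal(text: str) -> str:
    """Show that an argv list never reaches a shell: even text full of
    metacharacters is delivered to `echo` as a single literal argument."""
    result = subprocess.run(["echo", text], capture_output=True, text=True,
                            check=True)
    return result.stdout.rstrip("\n")


if __name__ == "__main__":
    sample = "example.com; echo injected"          # constructed sample input
    print("unsafe string :", build_unsafe(sample))
    print("metachars?    :", has_shell_metachar(build_unsafe(sample)))
    print("echo literal  :", echo_literal(sample))
    try:
        build_safe(sample)
    except ValueError as exc:
        print("rejected      :", exc)
    print("safe argv     :", build_safe("example.com"))
```

The validation step and the argv list are independent defences: the list alone already stops the shell from interpreting the input, and the allowlist additionally keeps the value from being read as an option by the program itself.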

OS command injection security bugs took the fifth spot in MITRE's top 25 most dangerous software weaknesses, surpassed only by out-of-bounds write, cross-site scripting, SQL injection, and use-after-free flaws.

In May and March, two other "Secure by Design" alerts urged tech executives and software developers to weed out path traversal and SQL injection security vulnerabilities.


News URL

https://www.bleepingcomputer.com/news/security/cisa-urges-devs-to-weed-out-os-command-injection-vulnerabilities/