...
| CERT C++ Secure Coding Standard | ENV03-CPP. Sanitize the environment when invoking external programs |
| CERT Oracle Secure Coding Standard for Java | IDS07-J. Do not pass untrusted, unsanitized data to the Runtime.exec() method |
| ISO/IEC TR 24772:2013 | Executing or loading untrusted code Loading Untrusted Code [XYS] |
| MITRE CWE | CWE-78, Failure to sanitize data into an OS command (aka "OS command injection") CWE-88, Argument injection or modification CWE-426, Untrusted search path CWE-807, Reliance on intrusted inputs in a security decision |
...