os remote command injection OWASP fake alert?

I am doing a security scan with OWASP that detects a vulnerability by remote injection of operating system commands, through the GET method, …