Read Time:27 Second

Description

The software does not adequately filter user-controlled input for special elements with control implications.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-74

 

Consequences

Integrity, Confidentiality, Availability: Modify Application Data, Execute Unauthorized Code or Commands

 

Potential Mitigations

Phase: Requirements

Effectiveness:

Description: 

Programming languages and supporting technologies might be chosen which are not subject to these issues.

Phase: Implementation

Effectiveness:

Description: 

Utilize an appropriate mix of allowlist and denylist parsing to filter special element syntax from all input.

CVE References