Description
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive – that is, it allows an input that is unsafe, leading to resultant weaknesses.
Modes of Introduction:
– Implementation
Related Weaknesses
CWE-697
CWE-434
Consequences
Access Control: Bypass Protection Mechanism
Potential Mitigations
CVE References
- CVE-2019-12799
- chain: bypass of untrusted deserialization issue (CWE-502) by using an assumed-trusted class (CWE-183)
- CVE-2019-10458
- CI/CD pipeline feature has unsafe elements in allowlist, allowing bypass of script restrictions
- CVE-2017-1000095
- Default allowlist includes unsafe methods, allowing bypass of sandbox
