CWE-344 – Use of Invariant Value in Dynamically Changing Context
Description The product uses a constant value, name, or reference, but this value can (or should) vary across different environments. Modes of Introduction: - Architecture...
CWE-345 – Insufficient Verification of Data Authenticity
Description The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. Modes of...
CWE-346 – Origin Validation Error
Description The software does not properly verify that the source of data or communication is valid. Modes of Introduction: - Architecture and Design ...
CWE-347 – Improper Verification of Cryptographic Signature
Description The software does not verify, or incorrectly verifies, the cryptographic signature for data. Modes of Introduction: - Architecture and Design Related Weaknesses...
CWE-348 – Use of Less Trusted Source
Description The software has two different sources of the same data or information, but it uses the source that has less support for verification, is...
CWE-349 – Acceptance of Extraneous Untrusted Data With Trusted Data
Description The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if...
CWE-35 – Path Traversal: '.../...//'
Description The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled...
CWE-350 – Reliance on Reverse DNS Resolution for a Security-Critical Action
Description The software performs reverse DNS resolution on an IP address to obtain the hostname and make a security decision, but it does not properly...
CWE-351 – Insufficient Type Distinction
Description The software does not properly distinguish between different types of elements in a way that leads to insecure behavior. Modes of Introduction: - Implementation...
CWE-352 – Cross-Site Request Forgery (CSRF)
Description The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted...