Description
The software does not adequately filter user-controlled input for special elements with control implications.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit:
Related Weaknesses
Consequences
Integrity, Confidentiality, Availability: Modify Application Data, Execute Unauthorized Code or Commands
Potential Mitigations
Phase: Requirements
Effectiveness:
Description:
Consider choosing programming languages and supporting technologies that are not subject to these issues.
Phase: Implementation
Effectiveness:
Description:
Utilize an appropriate mix of allowlist and denylist parsing to filter special element syntax from all input.
CVE References