CWE-502 – Deserialization of Untrusted Data
Description The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. Serialization and deserialization refer to the process of taking...
CWE-183 – Permissive List of Allowed Inputs
Description The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because...