CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Status
incomplete
Abstraction
class
Likelihood
high
Common Consequences
confidentiality
access control
other
integrity
non-repudiation
Impacts
read application data
bypass protection mechanism
alter execution logic
other
hide activities
Detection Methods
automated static analysis
Potential Mitigations
Phases:
requirements
implementation
Descriptions:
• Use an appropriate mix of allowlist and denylist parsing to filter control-plane syntax from all input. Prefer an allowlist of the characters or values a field legitimately needs; a denylist on its own tends to miss the special elements of a particular downstream parser, such as its quoting or escape rules.
• Where possible, choose programming languages and supporting technologies that are not subject to these issues, for example interfaces that carry data separately from syntax (parameterized queries, argument vectors instead of shell command strings), so the downstream component never has to re-parse untrusted input as syntax.
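The following is an added example, not code from the CWE entry, that makes the description above concrete. It models two downstream components: a constructed ';'-separated key=value record format whose parser treats ';' and '=' as control-plane syntax, and a POSIX shell approximated with shlex (so nothing is executed). The field names, record layout and attacker inputs are all constructed for illustration. It shows the vulnerable upstream code beside a hardened version that neutralizes the special elements before they reach the parser.

```python
"""Added example illustrating CWE-74 (not code from the CWE entry).

Two downstream components are modelled: a simple ';'-separated
'key=value' record parser, and a POSIX shell approximated with shlex so
that no command is actually run.  The record format, field names and
sample inputs are constructed for illustration.
"""
import shlex


# ---- downstream component 1: a record parser ------------------------------
def _unescape(value: str) -> str:
    # Reverse of neutralize(); '%25' must be decoded last.
    return value.replace("%3B", ";").replace("%3D", "=").replace("%25", "%")


def parse_record(record: str) -> dict:
    """Parse 'k1=v1;k2=v2' into a dict.  ';' and '=' are the control-plane
    syntax of this format.  A later duplicate key overwrites an earlier one,
    which is exactly what an injected trailing field exploits."""
    fields = {}
    for part in record.split(";"):
        if part:
            key, _, value = part.partition("=")
            fields[key] = _unescape(value)
    return fields


# ---- upstream component, vulnerable: raw interpolation --------------------
def build_record_vulnerable(user: str, display_name: str) -> str:
    # The externally influenced display_name is pasted straight into the
    # record; any ';' or '=' it contains becomes syntax downstream.
    return f"user={user};role=member;name={display_name}"


# ---- upstream component, hardened: neutralize control-plane syntax --------
def neutralize(value: str) -> str:
    """Escape every character the downstream parser treats as syntax.
    '%' is escaped first so the transformation is unambiguous and reversible."""
    return value.replace("%", "%25").replace(";", "%3B").replace("=", "%3D")


def build_record_hardened(user: str, display_name: str) -> str:
    return f"user={neutralize(user)};role=member;name={neutralize(display_name)}"


# ---- downstream component 2: a shell, approximated by shlex ---------------
def shell_argv(filename: str, neutralized: bool) -> list:
    """Tokens a shell would see for 'ls -l <filename>'.  shlex.split only
    models word splitting and quoting, which is enough to show whether the
    input stays a single argument; no command is executed."""
    arg = shlex.quote(filename) if neutralized else filename
    return shlex.split(f"ls -l {arg}")


def demo() -> dict:
    # Constructed attacker input: a display name that smuggles a second field.
    evil_name = "Mallory;role=admin"
    vulnerable = parse_record(build_record_vulnerable("mallory", evil_name))
    hardened = parse_record(build_record_hardened("mallory", evil_name))
    # Constructed attacker input for the shell case.
    evil_file = "a.txt; rm -rf /"
    return {
        "vulnerable_role": vulnerable["role"],      # 'admin': the injected field won
        "hardened_role": hardened["role"],          # 'member'
        "hardened_name": hardened["name"],          # original string, round-tripped
        "shell_tokens_raw": shell_argv(evil_file, neutralized=False),    # 6 tokens
        "shell_tokens_quoted": shell_argv(evil_file, neutralized=True),  # 3 tokens
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The hardened path escapes rather than strips, so a legitimate name containing '%' or '=' survives the round trip intact; combining this with an allowlist on the field's expected shape, as the mitigation above recommends, removes the need to trust the escaping alone. The shell case shows the same defect against a different parser: unquoted, the filename splits into extra words that a real shell would treat as a second command, while the quoted form stays one argument (passing an argument vector to the process directly avoids the shell parser altogether).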