CWE-913

Improper Control of Dynamically-Managed Code Resources

AI Translation Available

The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.

Status

incomplete

Abstraction

class

Affected Platforms

Interpreted Not Language-Specific

Extended Description

AI Translation

Many languages offer powerful features that allow the programmer to dynamically create or modify existing code, or resources used by code such as variables and objects. While these features can offer significant flexibility and reduce development time, they can be extremely dangerous if attackers can directly influence these code resources in unexpected ways.

Technical Details

AI Translation

Common Consequences

integrity other

Impacts

execute unauthorized code or commands varies by context alter execution logic

Detection Methods

fuzzing

Potential Mitigations

Phases:

implementation architecture and design

Descriptions:

• Refactor the code so that it does not need to be dynamically managed.

• For any externally-influenced input, check the input against an allowlist of acceptable values.

AI Generated Translation

Common Consequences

integrità altro

Impacts

eseguire codice o comandi non autorizzati varia dal contesto alterazione esecuzione logica

Detection Methods

fuzzing

Potential Mitigations

Phases:

implementazione architettura e design

Descriptions:

• Rifattorizza il codice in modo che non sia più necessario gestirlo dinamicamente.

• Per qualsiasi input influenzato dall'esterno, verificare l'input rispetto a una whitelist di valori accettabili.

CWE-913

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Iscriviti alla newsletter