CWE-914

Improper Control of Dynamically-Identified Variables

AI Translation Available

The product does not properly restrict reading from or writing to dynamically-identified variables.

Status

incomplete

Abstraction

base

Affected Platforms

Interpreted Not Language-Specific

Extended Description

AI Translation

Many languages offer powerful features that allow the programmer to access arbitrary variables that are specified by an input string. While these features can offer significant flexibility and reduce development time, they can be extremely dangerous if attackers can modify unintended variables that have security implications.

Technical Details

AI Translation

Common Consequences

integrity other

Impacts

modify application data execute unauthorized code or commands varies by context alter execution logic

Potential Mitigations

Phases:

implementation architecture and design

Descriptions:

• For any externally-influenced input, check the input against an allowlist of internal program variables that are allowed to be modified.

• Refactor the code so that internal program variables do not need to be dynamically identified.

AI Generated Translation

Common Consequences

integrità altro

Impacts

modificare dati applicazione eseguire codice o comandi non autorizzati varia dal contesto alterazione esecuzione logica

Potential Mitigations

Phases:

implementazione architettura e design

Descriptions:

• Per qualsiasi input influenzato dall'esterno, verificare l'input rispetto a una lista di approvazione di variabili interne del programma che sono consentite essere modificate.

• Rifattorizza il codice in modo che le variabili interne del programma non necessitino di essere identificate dinamicamente.

CWE-914

Common Consequences

Impacts

Potential Mitigations

Common Consequences

Impacts

Potential Mitigations

Iscriviti alla newsletter