CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
AI Translation Available
The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.
Status
incomplete
Abstraction
base
Affected Platforms
ASP.NET
Not Language-Specific
PHP
Python
Ruby
Extended Description
AI Translation
If the object contains attributes that were only intended for internal use, then their unexpected modification could lead to a vulnerability.
This weakness is sometimes known by the language-specific mechanisms that make it possible, such as mass assignment, autobinding, or object injection.
Technical Details
AI Translation
Common Consequences
integrity
other
Impacts
modify application data
execute unauthorized code or commands
varies by context
alter execution logic
Detection Methods
automated static analysis
Potential Mitigations
Phases:
implementation
architecture and design
Descriptions:
•
If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified.
•
Refactor the code so that object attributes or fields do not need to be dynamically identified, and only expose getter/setter functionality for the intended attributes.
•
If available, use features of the language or framework that allow specification of allowlists of attributes or fields that are allowed to be modified. If possible, prefer allowlists over denylists.
For applications written with Ruby on Rails, use the attr_accessible (allowlist) or attr_protected (denylist) macros in each class that may be used in mass assignment.
•
For any externally-influenced input, check the input against an allowlist of internal object attributes or fields that are allowed to be modified.