CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
Status: draft
Abstraction: base
Affected Platforms
Technical Details
Common Consequences
integrity
Impacts
modify application data
Detection Methods
automated static analysis
Potential Mitigations
Phases: implementation
Descriptions:
• Appropriately filter or quote CRLF sequences in user-controlled input.
• Avoid using CRLF as a special sequence.
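The first mitigation, shown for a CRLF-delimited record file. This is an added example, not part of the CWE entry; the record layout, function names and sample value are assumptions made for illustration. It puts the unneutralized writer beside a quoting writer and a rejecting filter, and counts how many records a reader would see.

```python
import re

# Constructed sample input: a username field carrying a CR/LF pair followed by
# text shaped like a second record.
SAMPLE_USER = "alice\r\n2024-01-01T00:00:00Z login ok user=admin"

# CR, LF and the other characters str.splitlines() treats as line boundaries,
# since downstream readers may split on more than the literal CRLF pair.
_LINE_BREAKS = re.compile(r"[\r\n\v\f\x1c\x1d\x1e\x85\u2028\u2029]")


def format_record_unsafe(ts: str, event: str, user: str) -> str:
    """Weak form: the field is copied into a CRLF-delimited record as-is."""
    return f"{ts} {event} user={user}\r\n"


def quote_field(value: str) -> str:
    """Quote line breaks (and the escape character itself, so the encoding
    stays reversible) so a field can never terminate its own record."""
    value = value.replace("\\", "\\\\")
    return _LINE_BREAKS.sub(lambda m: "\\u%04x" % ord(m.group()), value)


def format_record_safe(ts: str, event: str, user: str) -> str:
    """Hardened form: only the writer emits the CRLF record separator."""
    return f"{ts} {event} user={quote_field(user)}\r\n"


def reject_line_breaks(value: str) -> str:
    """Filtering alternative for single-line fields where quoting has no
    defined meaning for the consumer: refuse the value outright."""
    if _LINE_BREAKS.search(value):
        raise ValueError("line break in single-line field")
    return value


def count_records(data: str) -> int:
    """Count records the way a CRLF-splitting reader would."""
    return len([r for r in data.split("\r\n") if r])


if __name__ == "__main__":
    ts = "2024-01-01T00:00:00Z"
    print(count_records(format_record_unsafe(ts, "login failed", SAMPLE_USER)))
    print(count_records(format_record_safe(ts, "login failed", SAMPLE_USER)))
```

Quoting keeps the original value recoverable for audit; rejecting is the stricter choice when a line break is never legitimate in the field.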