CWE-75
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
The product does not adequately filter user-controlled input for special elements with control implications.
Status: draft
Abstraction: class
Affected Platforms
Technical Details
Common Consequences
integrity
confidentiality
availability
Impacts
modify application data
execute unauthorized code or commands
Potential Mitigations
Phases:
requirements
implementation
Descriptions:
• Programming languages and supporting technologies might be chosen which are not subject to these issues.
• Utilize an appropriate mix of allowlist and denylist parsing to filter special element syntax from all input.