The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").
abstraction Variant
status Incomplete
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an executable resource, such as a library, configuration file, or template.
abstraction Base
status Draft
The product generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI) directive.
abstraction Variant
status Draft
The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
abstraction Variant
status Draft
The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.
abstraction Class
status Draft
The product uses multiple validation forms with the same name, which might cause the Struts Validator to validate a form that the programmer does not expect.
abstraction Variant
status Incomplete
The product has a validator form that either does not define a validate() method, or defines a validate() method but does not call super.validate().
abstraction Variant
status Draft
If a form bean does not extend an ActionForm subclass of the Validator framework, it can expose the application to other weaknesses related to insufficient input validation.
abstraction Variant
status Draft
The product has a form field that is not validated by a corresponding validation form, which can introduce other weaknesses related to insufficient input validation.
abstraction Variant
status Draft
When an application does not use an input validation framework such as the Struts Validator, there is a greater risk of introducing weaknesses related to insufficient input validation.
abstraction Variant
status Draft
An unused validation form indicates that validation logic is not up-to-date.
abstraction Variant
status Draft
Every Action Form must have a corresponding validation form.
abstraction Variant
status Incomplete
Automatic filtering via a Struts bean has been turned off, which disables the Struts Validator and custom validation logic. This exposes the application to other weaknesses related to insufficient input validation.
abstraction Variant
status Draft
Validation fields that do not appear in forms they are associated with indicate that the validation logic is out of date.
abstraction Variant
status Draft
When a Java application uses the Java Native Interface (JNI) to call code written in another programming language, it can expose the application to weaknesses in that code, even if those weaknesses cannot occur in Java.
abstraction Variant
status Draft
The product accepts XML from an untrusted source but does not validate the XML against the proper schema.
abstraction Base
status Draft
The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
abstraction Variant
status Incomplete
Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.
abstraction Class
status Incomplete
The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.
abstraction Base
status Incomplete
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
abstraction Class
status Draft
The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.
abstraction Base
status Draft
The product does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.
abstraction Class
status Incomplete
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
abstraction Class
status Stable
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
abstraction Base
status Incomplete
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
abstraction Variant
status Draft
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
abstraction Variant
status Draft
Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.
abstraction Base
status Draft
The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.
abstraction Base
status Incomplete
The product reads data past the end, or before the beginning, of the intended buffer.
abstraction Base
status Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
abstraction Variant
status Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.
abstraction Variant
status Draft
Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore "wraps around" to a very small, negative, or undefined value.
abstraction Base
status Incomplete
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
abstraction Variant
status Draft
The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
abstraction Base
status Incomplete
The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
abstraction Base
status Draft
This entry has been deprecated because it was a duplicate of CWE-170. All content has been transferred to CWE-170.
abstraction Base
status Deprecated
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
abstraction Base
status Draft
The product does not correctly calculate the length of strings that can contain wide or multi-byte characters.
abstraction Base
status Draft
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as control elements or syntactic markers when they are sent to a downstream component.
abstraction Class
status Draft
The product does not neutralize or incorrectly neutralizes delimiters.
abstraction Base
status Draft
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as parameter or argument delimiters when they are sent to a downstream component.
abstraction Variant
status Draft
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as value delimiters when they are sent to a downstream component.
abstraction Variant
status Draft
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as record delimiters when they are sent to a downstream component.
abstraction Variant
status Draft
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as line delimiters when they are sent to a downstream component.
abstraction Variant
status Draft
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as section delimiters when they are sent to a downstream component.
abstraction Variant
status Incomplete
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as expression or command delimiters when they are sent to a downstream component.
abstraction Variant
status Incomplete
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as input terminators when they are sent to a downstream component.
abstraction Variant
status Draft
The product does not properly handle when a leading character or sequence ("leader") is missing or malformed, or if multiple leaders are used when only one should be allowed.
abstraction Variant
status Draft
Quotes injected into a product can be used to compromise a system. As data are parsed, an injected/absent/duplicate/malformed use of quotes may cause the process to take unexpected actions.
abstraction Variant
status Draft
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.
abstraction Variant
status Incomplete
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as comment delimiters when they are sent to a downstream component.
abstraction Variant
status Draft
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as macro symbols when they are sent to a downstream component.
abstraction Variant
status Draft
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as substitution characters when they are sent to a downstream component.
abstraction Variant
status Draft
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as variable name delimiters when they are sent to a downstream component.
abstraction Variant
status Incomplete
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as wildcards or matching symbols when they are sent to a downstream component.
abstraction Variant
status Draft
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as whitespace when they are sent to a downstream component.
abstraction Variant
status Draft
The product does not properly handle the characters that are used to mark the beginning and ending of a group of entities, such as parentheses, brackets, and braces.
abstraction Variant
status Draft
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component.
abstraction Variant
status Incomplete
The product does not properly filter, remove, quote, or otherwise manage the invalid use of special elements in user-controlled input, which could cause adverse effect on its behavior and integrity.
abstraction Class
status Draft
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes leading special elements that could be interpreted in unexpected ways when they are sent to a downstream component.
abstraction Variant
status Incomplete
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes multiple leading special elements that could be interpreted in unexpected ways when they are sent to a downstream component.
abstraction Variant
status Incomplete
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes trailing special elements that could be interpreted in unexpected ways when they are sent to a downstream component.
abstraction Variant
status Incomplete
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes multiple trailing special elements that could be interpreted in unexpected ways when they are sent to a downstream component.
abstraction Variant
status Incomplete
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes internal special elements that could be interpreted in unexpected ways when they are sent to a downstream component.
abstraction Variant
status Incomplete
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes multiple internal special elements that could be interpreted in unexpected ways when they are sent to a downstream component.
abstraction Variant
status Incomplete
The product receives input from an upstream component, but it does not handle or incorrectly handles when an expected special element is missing.
abstraction Base
status Draft
The product receives input from an upstream component, but it does not handle or incorrectly handles when an additional unexpected special element is provided.
abstraction Base
status Draft
The product does not properly handle input in which an inconsistency exists between two or more special characters or reserved words.
abstraction Base
status Draft
The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.
abstraction Base
status Incomplete
The product does not properly encode or decode the data, resulting in unexpected values.
abstraction Class
status Draft
The product does not properly handle when an input uses an alternate encoding that is valid for the control sphere to which the input is being sent.
abstraction Variant
status Draft
The product decodes the same input twice, which can limit the effectiveness of any protection mechanism that occurs in between the decoding operations.
abstraction Variant
status Draft
The product does not properly handle when the same input uses several different (mixed) encodings.
abstraction Variant
status Draft
The product does not properly handle when an input contains Unicode encoding.
abstraction Variant
status Draft
The product does not properly handle when all or part of an input has been URL encoded.
abstraction Variant
status Draft
The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.
abstraction Base
status Incomplete
The product validates input before applying protection mechanisms that modify the input, which could allow an attacker to bypass the validation via dangerous inputs that only arise after the modification.
abstraction Base
status Incomplete
The product validates input before it is canonicalized, which prevents the product from detecting data that becomes invalid after the canonicalization step.
abstraction Variant
status Draft
The product validates data before it has been filtered, which prevents the product from detecting data that becomes invalid after the filtering step.
abstraction Variant
status Draft
The product filters data in a way that causes it to be reduced or "collapsed" into an unsafe value that violates an expected security property.
abstraction Base
status Draft