The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
abstraction Base
status Stable
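Worked example for the cross-site scripting entry above (CWE-79), added here and not part of the CWE text. It contrasts string concatenation into HTML with context-aware output encoding, and shows why a URL-bearing attribute needs a scheme allowlist on top of escaping. The function names and inputs are illustrative.

```python
import html
from urllib.parse import urlsplit


def render_comment_unsafe(author: str, body: str) -> str:
    # Vulnerable: untrusted strings are spliced straight into HTML, so a body
    # of "<script>...</script>" is served to every reader as executable markup.
    return f'<div class="comment"><b>{author}</b>: {body}</div>'


def render_comment_safe(author: str, body: str) -> str:
    # Hardened for the HTML text context. quote=True also encodes ' and ",
    # which keeps the same helper safe inside a quoted attribute value.
    return (f'<div class="comment"><b>{html.escape(author, quote=True)}</b>: '
            f'{html.escape(body, quote=True)}</div>')


def render_profile_link_safe(display_name: str, url: str) -> str:
    # href is a URL context: escaping stops the value from breaking out of the
    # attribute, but not a "javascript:" scheme, so absolute http(s) URLs are
    # allowlisted and anything else is replaced.
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ("http", "https"):
        url = "#"
    return (f'<a href="{html.escape(url, quote=True)}">'
            f'{html.escape(display_name, quote=True)}</a>')
```

Escaping is per output context: the same string needs different treatment inside a `<script>` block, a CSS value or an event handler attribute, which is why templating engines that auto-escape per context are preferred over hand-written helpers.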
The product writes data past the end, or before the beginning, of the intended buffer.
abstraction Base
status Draft
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
abstraction Base
status Stable
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
abstraction Compound
status Stable
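Worked example for the cross-site request forgery entry above (CWE-352), added here and not part of the CWE text. It implements an HMAC-based anti-forgery token bound to the session, and a state-changing handler that requires the token in the request body rather than in a cookie. The request object is a constructed dict standing in for a framework request; the origin `https://bank.example` and the handler names are assumptions.

```python
import hashlib
import hmac
import secrets

# Per-deployment key. Generated at import here for the demo; in service it
# must come from configuration so tokens survive a restart.
SERVER_KEY = secrets.token_bytes(32)
EXPECTED_ORIGIN = "https://bank.example"


def issue_csrf_token(session_id: str) -> str:
    # Binding the token to the session makes a token captured from one
    # session worthless in another.
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def csrf_token_valid(session_id: str, token: str) -> bool:
    try:
        nonce, mac = token.split(".", 1)
    except ValueError:
        return False
    expected = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def handle_transfer(request: dict) -> str:
    if request["method"] != "POST":
        return "405 Method Not Allowed"
    session_id = request["cookies"].get("session")
    if session_id is None:
        return "401 Unauthorized"
    # The token must arrive in the form body (or a custom header). Browsers
    # attach cookies automatically, so a cookie-only check proves nothing
    # about who built the request.
    if not csrf_token_valid(session_id, request["form"].get("csrf_token", "")):
        return "403 Forbidden"
    # Defence in depth: when the browser supplies Origin, it must be ours.
    origin = request["headers"].get("Origin")
    if origin is not None and origin != EXPECTED_ORIGIN:
        return "403 Forbidden"
    return f"200 OK: transferred {request['form']['amount']}"
```

Setting the session cookie with `SameSite=Lax` or `Strict` closes most cross-site POST cases as well, but the token check remains the primary control because SameSite does not cover every browser or every request path.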
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
abstraction Base
status Stable
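Worked example for the path traversal entry above (CWE-22), added here and not part of the CWE text. The check canonicalizes the joined path and then verifies, component-wise, that it still lies under the restricted directory; this rejects `..` sequences, absolute paths and sibling directories with a shared prefix. The base directory `/srv/files` is an assumption and does not need to exist for the check to run.

```python
import os


def safe_join(base_dir: str, user_path: str) -> str:
    """Resolve user_path inside base_dir, or raise ValueError if it escapes."""
    base = os.path.realpath(base_dir)
    # os.path.join discards `base` when user_path is absolute, which is one
    # reason the result must be checked instead of trusting the join.
    candidate = os.path.realpath(os.path.join(base, user_path))
    # commonpath compares whole components, so /srv/files-old is not mistaken
    # for something inside /srv/files the way a string prefix test would.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes {base}: {user_path!r}")
    return candidate
```

Two caveats a reviewer would add: the input must already be percent-decoded (the web framework normally does this) before it reaches this function, and on a live filesystem a symlink created between this check and the open is a separate race that needs an open with `O_NOFOLLOW` or an equivalent directory-descriptor based API.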
The product reads data past the end, or before the beginning, of the intended buffer.
abstraction Base
status Draft
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
abstraction Base
status Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
abstraction Variant
status Stable
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
abstraction Class
status Incomplete
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
abstraction Base
status Draft
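Worked example for the unrestricted upload entry above (CWE-434), added here and not part of the CWE text. It gates uploads on an extension allowlist, confirms the leading bytes match the declared format, discards the client-supplied name entirely and returns a server-generated storage name. The allowed types and size limit are illustrative choices.

```python
import os
import secrets

# Allowed types keyed by the extension the stored file will carry, with the
# leading bytes ("magic") each format must start with.
ALLOWED_TYPES = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
}
MAX_UPLOAD = 5 * 1024 * 1024


def validate_upload(client_filename: str, data: bytes) -> str:
    """Return a server-chosen storage name, or raise ValueError."""
    if len(data) > MAX_UPLOAD:
        raise ValueError("file too large")
    # Only the final extension of the basename is consulted; the rest of the
    # client name is dropped, so "../x.png" or "shell.php.png" never reach disk.
    ext = os.path.splitext(os.path.basename(client_filename))[1].lower()
    if ext not in ALLOWED_TYPES:
        raise ValueError(f"type not allowed: {ext!r}")
    if not data.startswith(ALLOWED_TYPES[ext]):
        raise ValueError("content does not match declared type")
    return secrets.token_hex(16) + ext
```

A magic-byte check does not make the content safe to execute: a valid PNG header can be followed by script. The storage directory must therefore be outside the web root (or served with no execute handler), and downloads should be sent with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff`.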
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
abstraction Base
status Draft
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
abstraction Class
status Stable
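Worked example for the improper input validation entry above (CWE-20), added here and not part of the CWE text. It validates a small order object the way a request boundary should: unknown fields rejected, each field checked for type, format and range, and a normalized copy returned so downstream code never sees the raw payload. The field set and formats are illustrative.

```python
import re

SKU_RE = re.compile(r"[A-Z0-9]{3,12}(-[A-Z0-9]{1,8})?")
ORDER_FIELDS = {"sku", "quantity", "note"}


def validate_order(payload) -> dict:
    """Return a normalized order or raise ValueError naming the first violation."""
    if not isinstance(payload, dict):
        raise ValueError("payload must be an object")
    unknown = set(payload) - ORDER_FIELDS
    if unknown:
        # Reject rather than ignore: a silently dropped field hides client bugs
        # and probing attempts alike.
        raise ValueError(f"unexpected fields: {sorted(unknown)}")
    sku = payload.get("sku")
    if not isinstance(sku, str) or not SKU_RE.fullmatch(sku):
        raise ValueError("sku must match the catalogue format")
    qty = payload.get("quantity")
    # bool is a subclass of int, so True would otherwise pass as quantity 1.
    if isinstance(qty, bool) or not isinstance(qty, int) or not 1 <= qty <= 100:
        raise ValueError("quantity must be an integer between 1 and 100")
    note = payload.get("note", "")
    if not isinstance(note, str) or len(note) > 200 or any(ord(c) < 32 for c in note):
        raise ValueError("note must be printable text of at most 200 characters")
    return {"sku": sku, "quantity": qty, "note": note.strip()}
```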
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
abstraction Class
status Draft
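Worked example serving both the OS command injection entry (CWE-78, earlier in this list) and the generic command injection entry above (CWE-77); it is added here and is not part of the CWE text. It runs a harmless `echo` through a shell with the input concatenated in, then the same call as an argv list with no shell, and shows the argument-injection case that an argv list alone does not cover. It assumes a POSIX `/bin/sh` and `echo`.

```python
import shlex
import subprocess


def greet_unsafe(name: str) -> str:
    # Vulnerable: shell=True hands the whole string to /bin/sh, so ';', '|',
    # '$(...)' and friends inside `name` become additional commands.
    return subprocess.run(f"echo Hello {name}", shell=True,
                          capture_output=True, text=True).stdout


def greet_safe(name: str) -> str:
    # Hardened: no shell, one argv element per argument; `name` is passed to
    # echo verbatim whatever characters it contains.
    if name.startswith("-"):
        # Argument injection: even without a shell, a value beginning with '-'
        # may be parsed as an option by the called program ("-n" for echo,
        # "--upload-file" for curl). Reject it, or pass "--" where supported.
        raise ValueError("argument may not start with '-'")
    return subprocess.run(["echo", "Hello", name],
                          capture_output=True, text=True).stdout


def build_remote_command(name: str) -> str:
    # When a shell string is unavoidable (e.g. the remote side of ssh), quote
    # each word so the shell sees exactly one argument.
    return "echo Hello " + shlex.quote(name)
```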
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
abstraction Class
status Draft
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
abstraction Class
status Draft
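Worked example for the improper privilege management entry above (CWE-269), added here and not part of the CWE text. The shape shown is improper assignment of privileges through mass assignment: a profile update that stores every submitted field lets an ordinary user write their own `role`. The hardened version keeps privilege-bearing fields behind an allowlist tied to the caller's role. Field names are illustrative.

```python
USER_EDITABLE = {"display_name", "email", "timezone"}
ADMIN_ONLY = {"role", "credit_limit"}


def update_profile_unsafe(profile: dict, submitted: dict) -> dict:
    # Vulnerable: every submitted key is stored, so a request body carrying
    # {"role": "admin"} silently grants the caller administrative privileges.
    updated = dict(profile)
    updated.update(submitted)
    return updated


def update_profile_safe(profile: dict, submitted: dict, actor_role: str) -> dict:
    # Privilege-bearing fields are writable only by an administrator, and
    # anything outside the allowlist is rejected rather than dropped, so a
    # client that sends them learns they are not honoured.
    allowed = USER_EDITABLE | (ADMIN_ONLY if actor_role == "admin" else set())
    forbidden = set(submitted) - allowed
    if forbidden:
        raise PermissionError(f"fields not writable by {actor_role}: {sorted(forbidden)}")
    updated = dict(profile)
    updated.update(submitted)
    return updated
```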
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
abstraction Base
status Draft
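Worked example for the deserialization entry above (CWE-502), added here and not part of the CWE text. A pickle carrying a callable runs that callable during `pickle.loads`; the demo uses a harmless recording function in place of `os.system`. The hardened path decodes JSON, which can only produce plain data, and then checks the result against the shape the application expects. The schema is an assumption.

```python
import json
import pickle

executed = []  # records side effects of unpickling; demo instrumentation only


def record(tag: str) -> str:
    executed.append(tag)
    return tag


class Payload:
    # A hostile pickle names a callable and its arguments; pickle.loads calls
    # it. Here the callable is `record`; in a real attack it is os.system.
    def __reduce__(self):
        return (record, ("code ran during pickle.loads",))


# Constructed hostile blob, built once so the test can feed it to both loaders.
HOSTILE_BLOB = pickle.dumps(Payload())


def load_unsafe(blob: bytes):
    return pickle.loads(blob)


SCHEMA = {"user_id": int, "items": list}


def load_safe(blob: bytes) -> dict:
    # json.loads yields only dicts, lists, strings, numbers, bools and None,
    # so nothing executes; the schema check then enforces the shape acted on.
    obj = json.loads(blob)
    if not isinstance(obj, dict):
        raise ValueError("top-level value must be an object")
    extra = set(obj) - set(SCHEMA)
    if extra:
        raise ValueError(f"unexpected keys: {sorted(extra)}")
    for key, typ in SCHEMA.items():
        value = obj.get(key)
        if isinstance(value, bool) or not isinstance(value, typ):
            raise ValueError(f"{key} must be {typ.__name__}")
    if not all(isinstance(i, int) and not isinstance(i, bool) for i in obj["items"]):
        raise ValueError("items must be integers")
    return obj
```

Where a binary format is required, the same rule applies: choose one whose decoder cannot instantiate arbitrary types (Protocol Buffers, CBOR, MessagePack without extension types), and validate after decoding.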
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
abstraction Class
status Draft
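Worked example for the sensitive information exposure entry above (CWE-200), added here and not part of the CWE text. Two common exposure paths are shown together: a serializer that returns whole records (fixed by an allowlist of public fields) and an error handler that returns the exception text, which here contains a connection string with a password (fixed by logging the detail server-side under a reference id). The user record and failure text are constructed.

```python
import logging
import traceback
import uuid

log = logging.getLogger("app")

USER_PUBLIC_FIELDS = ("id", "display_name")


def user_to_api(user: dict) -> dict:
    # Allowlist what a caller may see: a column added later (password hash,
    # e-mail, internal flags) stays hidden until someone opts it in.
    return {k: user[k] for k in USER_PUBLIC_FIELDS if k in user}


def get_user_handler(user: dict, simulate_failure: bool = False) -> tuple:
    try:
        if simulate_failure:
            # Constructed failure whose message itself carries a secret.
            raise RuntimeError("connect failed: postgres://app:s3cret@10.0.0.5/prod")
        return 200, user_to_api(user)
    except Exception:
        # Full detail goes to the server log under a reference id; the client
        # receives only the reference, which support staff can correlate.
        ref = uuid.uuid4().hex[:8]
        log.error("ref=%s\n%s", ref, traceback.format_exc())
        return 500, {"error": "internal error", "ref": ref}
```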
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
abstraction Class
status Incomplete
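Worked example serving both the missing authorization entry (CWE-862, earlier in this list) and the incorrect authorization entry above (CWE-863); it is added here and is not part of the CWE text. Three versions of one read handler are compared: no check at all, a check that looks at the caller's role but never at ownership of the requested object, and a check made against the specific object the request names. Users, roles and documents are constructed.

```python
from dataclasses import dataclass


@dataclass
class User:
    id: int
    role: str  # "user" or "admin"


@dataclass
class Document:
    id: int
    owner_id: int


# Constructed sample data.
DOCS = {1: Document(1, owner_id=10), 2: Document(2, owner_id=20)}


def read_document_no_check(actor: User, doc_id: int) -> Document:
    # Missing authorization: any authenticated caller reads any document by id.
    return DOCS[doc_id]


def read_document_incorrect_check(actor: User, doc_id: int) -> Document:
    # Incorrect authorization: a check exists, but it tests the role instead
    # of the relationship to this object, so every user reads every document.
    if actor.role not in ("user", "admin"):
        raise PermissionError("role not permitted")
    return DOCS[doc_id]


def can_read(actor: User, doc: Document) -> bool:
    return actor.role == "admin" or doc.owner_id == actor.id


def read_document_checked(actor: User, doc_id: int) -> Document:
    doc = DOCS.get(doc_id)
    # Same outcome for "missing" and "forbidden" so ids cannot be enumerated.
    if doc is None or not can_read(actor, doc):
        raise PermissionError("not found")
    return doc
```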
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
abstraction Base
status Incomplete
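Worked example for the server-side request forgery entry above (CWE-918), added here and not part of the CWE text. It validates a fetch target by scheme, rejects embedded credentials, resolves the host once, requires every resolved address to be globally routable, and returns a pinned address for the caller to connect to so the name cannot change between check and use. A constructed resolver table replaces DNS so the check runs offline; the hostnames in it are assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def resolve_host(host: str) -> list:
    # Real resolver; the demo passes a stub so nothing leaves the machine.
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


# Constructed DNS answers for the demonstration.
FAKE_DNS = {
    "api.example": ["93.184.216.34"],
    "internal.corp": ["10.0.0.5"],
    "rebind.example": ["93.184.216.34", "127.0.0.1"],
}


def demo_resolver(host: str) -> list:
    return FAKE_DNS.get(host, [host])  # literals resolve to themselves


def is_public_address(text: str) -> bool:
    ip = ipaddress.ip_address(text)
    # ::ffff:127.0.0.1 is loopback in disguise; judge the embedded IPv4 address.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def validate_fetch_target(url: str, resolver=resolve_host) -> tuple:
    """Return (scheme, host, port, pinned_ip) or raise ValueError."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    addresses = resolver(host)
    if not addresses:
        raise ValueError(f"{host} does not resolve")
    # Every answer must be public: a name returning one public and one
    # internal address is a rebinding setup, not a legitimate target.
    for addr in addresses:
        if not is_public_address(addr):
            raise ValueError(f"{host} resolves to non-public address {addr}")
    port = parts.port or (443 if scheme == "https" else 80)
    # Callers connect to pinned_ip (sending Host: host) rather than resolving
    # again, and re-run this function for every redirect hop.
    return scheme, host, port, addresses[0]
```

Pinning only works if the HTTP client honours it; with most libraries that means disabling automatic redirects and following them manually through this check, and connecting by address with the Host header (and TLS SNI) set to the original name.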
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
abstraction Class
status Stable
The product dereferences a pointer that it expects to be valid but is NULL.
abstraction Base
status Stable
The product contains hard-coded credentials, such as a password or cryptographic key.
abstraction Base
status Draft
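Worked example for the hard-coded credentials entry above (CWE-798), added here and not part of the CWE text. It has two halves: a small detector that scans source text for literal secrets (assignment of a password-like name to a string literal, an AWS access key ID, a private key header), run over a constructed file, and the replacement pattern of loading the secret from the environment and failing closed when it is absent. The patterns are a starting point, not a complete scanner.

```python
import re

PATTERNS = {
    "assignment": re.compile(
        r"""(?i)(pass(?:word|wd)?|secret|api[_-]?key|token)\s*[:=]\s*["'][^"']{4,}["']"""),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}


def scan_source(text: str) -> list:
    """Return (line_number, pattern_name) for every line matching a pattern."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((lineno, name))
    return findings


def load_secret(name: str, env) -> str:
    # Hardened pattern: the value comes from the environment (populated by a
    # secret manager or the orchestrator), and a missing value is an error
    # rather than a fallback to some default.
    value = env.get(name)
    if not value:
        raise RuntimeError(f"required secret {name} is not set")
    return value


# Constructed source file for the demonstration. The AKIA value is the
# example key ID used in AWS documentation, not a live credential.
SAMPLE_SOURCE = (
    "import os\n"
    'DB_PASSWORD = "hunter2-prod"\n'
    'aws_key = "AKIAIOSFODNN7EXAMPLE"\n'
    'db_password = os.environ["DB_PASSWORD"]\n'
)
```

Detection at commit time (pre-commit hook or CI) catches the literal before it lands in history; once a secret has been committed, rotation is the only fix, because removing the line does not remove it from the repository.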
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
abstraction Base
status Stable
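Worked example serving the integer overflow entry above (CWE-190) together with the out-of-bounds write (CWE-787), out-of-bounds read (CWE-125) and buffer-boundary (CWE-119) entries earlier in this list; it is added here and is not part of the CWE text. The usual way these combine is a length-prefixed record parser whose bounds check is written as `offset + length > size`: with a length near the maximum, the addition wraps to a small number, the check passes, and the following copy reads or writes far past the buffer. The first function models that C idiom with 32-bit arithmetic emulated in Python so the wrap is visible; the second shows the check written against the remaining space, which has no addition to wrap. The record format and inputs are constructed.

```python
import struct

MASK32 = 0xFFFFFFFF  # emulate uint32_t so the wraparound is visible from Python


def naive_header_check(buf: bytes) -> dict:
    """Model of `if (offset + len > size) reject;` applied to the first record.

    Record layout: little-endian uint32 type, uint32 length, then `length` bytes.
    """
    size = len(buf)
    rtype, length = struct.unpack_from("<II", buf, 0)
    offset = 8
    end = (offset + length) & MASK32          # uint32_t end = offset + len;
    # In C the next step would be memcpy(dst, buf + offset, length). When the
    # check passes on a wrapped `end`, that copy reads `length` bytes beyond
    # the buffer (CWE-125) and, if dst was sized from the header, writes past
    # dst as well (CWE-787).
    return {"type": rtype, "declared_length": length,
            "available": size - offset, "check_passed": end <= size}


def parse_records_checked(buf: bytes) -> list:
    """Bounds-safe parser: compare each length against the space remaining."""
    offset, size, records = 0, len(buf), []
    while offset < size:
        if size - offset < 8:
            raise ValueError("truncated record header")
        rtype, length = struct.unpack_from("<II", buf, offset)
        offset += 8
        # offset <= size is an invariant here, so the subtraction cannot go
        # negative, and there is no addition that could wrap.
        if length > size - offset:
            raise ValueError("record length exceeds remaining buffer")
        records.append((rtype, buf[offset:offset + length]))
        offset += length
    return records


# Constructed inputs: a well-formed buffer, and one whose length field makes
# 8 + length wrap to 3 in 32-bit arithmetic (a "very small" value, as the
# CWE-190 text puts it) although only 3 bytes of payload follow the header.
GOOD = struct.pack("<II", 1, 3) + b"abc" + struct.pack("<II", 2, 0)
EVIL = struct.pack("<II", 1, 0xFFFFFFFB) + b"abc"
```

The same reasoning carries to allocation sizes: `count * sizeof(elem)` before a `malloc` can wrap the same way, which is why bounded multiplication helpers and a check that the computed size is not smaller than either operand belong in the same review.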
The product does not properly control the allocation and maintenance of a limited resource.
abstraction Class
status Draft
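Worked example for the limited-resource entry above (CWE-400), added here and not part of the CWE text. It shows two controls that bound what one caller can consume: a token-bucket rate limiter with an injectable clock, and a body reader that stops at a byte limit while reading instead of buffering everything first. The rate, burst and size limit are illustrative.

```python
import time


class TokenBucket:
    """Allow `burst` requests at once, then `rate_per_sec` sustained."""

    def __init__(self, rate_per_sec: float, burst: int, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate_per_sec, burst, clock
        self.tokens, self.last = float(burst), clock()

    def allow(self, cost: float = 1.0) -> bool:
        now = self.clock()
        # Refill proportionally to elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= cost:
            self.tokens -= cost
            return True
        return False


MAX_BODY = 1_000_000


def read_bounded(chunks, max_bytes: int = MAX_BODY) -> bytes:
    # Abort as soon as the limit is crossed; checking Content-Length alone is
    # not enough because a chunked or lying client can send more than declared.
    buf = bytearray()
    for chunk in chunks:
        buf.extend(chunk)
        if len(buf) > max_bytes:
            raise ValueError("body exceeds limit")
    return bytes(buf)
```

One bucket per client key (API key, authenticated user, or source address as a last resort) is the usual shape; a single global bucket protects the backend but lets one client starve the others.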
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
abstraction Base
status Draft
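Worked example serving both the improper authentication entry (CWE-287, earlier in this list) and the missing authentication for critical function entry above (CWE-306); it is added here and is not part of the CWE text. It shows a salted, iterated password hash verified in constant time, a login that takes the same time for unknown users, and a deny-by-default dispatcher in which only explicitly public paths skip the session check. Users, paths and the iteration counts are constructed for the demo; a production count should be far higher than the one used here to keep the test fast.

```python
import hashlib
import hmac
import secrets


def hash_password(password: str, iterations: int = 600_000) -> str:
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    # Constant-time comparison: a plain == leaks how many leading bytes match.
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


# Constructed user store; low iteration count so the demo runs quickly.
USERS = {"alice": hash_password("correct horse battery", iterations=20_000)}
DUMMY_HASH = hash_password(secrets.token_hex(8), iterations=20_000)
SESSIONS = {}


def login(username: str, password: str):
    # Verify against a dummy hash when the user is unknown so response time
    # does not reveal which usernames exist.
    stored = USERS.get(username, DUMMY_HASH)
    ok = verify_password(password, stored)
    if not ok or username not in USERS:
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token


PUBLIC_PATHS = {"/health", "/login"}


def dispatch(path: str, session_token=None) -> tuple:
    # Deny by default: anything not explicitly public needs a proven identity.
    # The CWE-306 shape is a handler such as /admin/export that skips this step
    # because "nobody would guess the URL".
    if path not in PUBLIC_PATHS:
        user = SESSIONS.get(session_token) if session_token else None
        if user is None:
            return 401, "authentication required"
    return 200, f"{path}: ok"
```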