CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Export to Word
Description
The product does not adequately filter user-controlled input for special elements with control implications.
Extended Description
N/A
ThreatScore
Threat Mapped score: 0.0
Industry: Finiancial
Threat priority: Unclassified
Observed Examples (CVEs)
- No observed examples available.
Related Attack Patterns (CAPEC)
Attack TTPs
N/A
Modes of Introduction
| Phase |
Note |
| Implementation |
REALIZATION: This weakness is caused during implementation of an architectural security tactic. |
Common Consequences
- Impact: Modify Application Data, Execute Unauthorized Code or Commands — Notes:
Potential Mitigations
- Requirements: Programming languages and supporting technologies might be chosen which are not subject to these issues. (N/A)
- Implementation: Utilize an appropriate mix of allowlist and denylist parsing to filter special element syntax from all input. (N/A)
Applicable Platforms
- None (Not Language-Specific, Undetermined)
Demonstrative Examples
N/A
Notes
← Back to CWE list