VYPR

CWE-146

Improper Neutralization of Expression/Command Delimiters

VariantIncomplete

Description

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as expression or command delimiters when they are sent to a downstream component.

As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-15 · CAPEC-6

CVEs mapped to this weakness (1)