VYPR

CWE-147

Improper Neutralization of Input Terminators

Variant / Draft

Description

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as input terminators when they are sent to a downstream component.

For example, a "." in SMTP signifies the end of mail message data, whereas a null character can be used for the end of a string.
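The SMTP case above, as an added example (not part of the original entry): an upstream component frames a message body for a downstream receiver that treats a line containing only "." as end of data. The function names and the sample body are constructed for illustration; the neutralization shown is the dot-stuffing rule from RFC 5321 section 4.5.2.

```python
import re

TERMINATOR = b"\r\n.\r\n"  # end-of-data marker seen by the downstream component

# Constructed sample: a body that happens to contain a line consisting of a lone dot.
SAMPLE = b"line one\r\n.\r\nline two after a lone dot\r\n..leading dots\r\n"


def frame_unsafe(body: bytes) -> bytes:
    """Weak form: the body is forwarded verbatim, terminators included."""
    if not body.endswith(b"\r\n"):
        body += b"\r\n"
    return body + b".\r\n"


def frame_safe(body: bytes) -> bytes:
    """Hardened form: normalize line endings, then dot-stuff every line."""
    # Bare CR or LF would let a terminator slip past a CRLF-only check.
    body = re.sub(rb"\r\n|\r|\n", b"\r\n", body)
    lines = [b"." + ln if ln.startswith(b".") else ln for ln in body.split(b"\r\n")]
    out = b"\r\n".join(lines)
    if not out.endswith(b"\r\n"):
        out += b"\r\n"
    return out + b".\r\n"


def receive(stream: bytes):
    """Downstream side: return (message body, bytes left over after end of data)."""
    buf = b"\r\n" + stream  # lets a "." on the very first line be recognised too
    end = buf.find(TERMINATOR)
    if end < 0:
        raise ValueError("no end-of-data marker")
    raw, leftover = buf[2:end], buf[end + len(TERMINATOR):]
    # Undo dot-stuffing: drop one leading dot from each line that has one.
    lines = [ln[1:] if ln.startswith(b".") else ln for ln in raw.split(b"\r\n")]
    return b"\r\n".join(lines), leftover


if __name__ == "__main__":
    for name, framer in (("unsafe", frame_unsafe), ("safe", frame_safe)):
        body, leftover = receive(framer(SAMPLE))
        print(name, "body:", body, "leftover:", leftover)
```

With the weak form the receiver stops at the embedded dot line and the rest of the body is left in the stream outside the message; with the hardened form the body arrives intact and nothing is left over.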

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-460

CVEs mapped to this weakness (1)

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-52505 | Med | 0.28 | 5.4 | 0.00 | | Nov 14, 2024 | matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in matrix-appservice-irc version 3.0.3. |