VYPR

CWE-150

Improper Neutralization of Escape, Meta, or Control Sequences

Variant · Incomplete

Description

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-134 · CAPEC-41 · CAPEC-81 · CAPEC-93

CVEs mapped to this weakness (43)

page 3 of 3
  • CVE-2022-30123 · Dec 5, 2022
    risk 0.00cvss epss 0.02

    A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow a possible shell escape in the Lint and CommonLogger components of Rack.

  • CVE-2021-25743 · Jan 7, 2022
    risk 0.00cvss epss 0.01

    kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.

  • CVE-2020-26283 · Mar 24, 2021
    risk 0.00cvss epss 0.01

    go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user…