VYPR

CWE-156

Improper Neutralization of Whitespace

Variant | Draft

Description

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as whitespace when they are sent to a downstream component.

This can include space, tab, etc.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (4)

  • CVE-2025-55001 (Aug 9, 2025)
    risk 0.00 | cvss | epss 0.00

    OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the…

  • CVE-2025-55000 (Aug 9, 2025)
    risk 0.00 | cvss | epss 0.00

    OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, OpenBao's TOTP secrets engine could accept valid codes multiple times rather than strictly-once. This was…

  • CVE-2025-6013 (Aug 6, 2025)
    risk 0.00 | cvss | epss 0.00

    Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise…

  • CVE-2025-6014 (Aug 1, 2025)
    risk 0.00 | cvss | epss 0.00

    Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.