CWE-173
Improper Handling of Alternate Encoding
Description
The product does not properly handle when an input uses an alternate encoding that is valid for the control sphere to which the input is being sent.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-120 · CAPEC-267 · CAPEC-3 · CAPEC-4 · CAPEC-52 · CAPEC-53 · CAPEC-64 · CAPEC-71 · CAPEC-72 · CAPEC-78 · CAPEC-79 · CAPEC-80
CVEs mapped to this weakness (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-26303 | — | 0.00 | — | 0.00 | Feb 22, 2023 | Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input. | ||
| CVE-2023-26302 | — | 0.00 | — | 0.00 | Feb 22, 2023 | Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input. | ||
| CVE-2022-0235 | 0.00 | — | 0.02 | Jan 16, 2022 | node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | |||
| CVE-2020-8908 | — | 0.00 | — | 0.01 | Dec 10, 2020 | A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the… |
- CVE-2023-26303Feb 22, 2023risk 0.00cvss —epss 0.00
Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input.
- CVE-2023-26302Feb 22, 2023risk 0.00cvss —epss 0.00
Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input.
- CVE-2022-0235Jan 16, 2022risk 0.00cvss —epss 0.02
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
- CVE-2020-8908Dec 10, 2020risk 0.00cvss —epss 0.01
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the…