VYPR

CWE-173

Improper Handling of Alternate Encoding

VariantDraft

Description

The product does not properly handle when an input uses an alternate encoding that is valid for the control sphere to which the input is being sent.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-120 · CAPEC-267 · CAPEC-3 · CAPEC-4 · CAPEC-52 · CAPEC-53 · CAPEC-64 · CAPEC-71 · CAPEC-72 · CAPEC-78 · CAPEC-79 · CAPEC-80

CVEs mapped to this weakness (4)

  • CVE-2023-26303Feb 22, 2023
    risk 0.00cvss epss 0.00

    Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input.

  • CVE-2023-26302Feb 22, 2023
    risk 0.00cvss epss 0.00

    Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input.

  • CVE-2022-0235Jan 16, 2022
    risk 0.00cvss epss 0.02

    node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

  • CVE-2020-8908Dec 10, 2020
    risk 0.00cvss epss 0.01

    A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the…