VYPR

CWE-179

Incorrect Behavior Order: Early Validation

BaseIncomplete

Description

The product validates input before applying protection mechanisms that modify the input, which could allow an attacker to bypass the validation via dangerous inputs that only arise after the modification.

Product needs to validate data at the proper time, after data has been canonicalized and cleansed. Early validation is susceptible to various manipulations that result in dangerous inputs that are produced by canonicalization and cleansing.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-3 · CAPEC-43 · CAPEC-71

CVEs mapped to this weakness (2)

  • CVE-2026-3832LowApr 30, 2026
    risk 0.17cvss 3.7epss 0.01

    A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with…

  • CVE-2025-4759May 16, 2025
    risk 0.00cvss epss 0.00

    Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation which can be bypassed by extending the package name allowing an attacker to install other npm packages…