CWE-20
Improper Input Validation
Description
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9
CVEs mapped to this weakness (6,924)
page 210 of 347| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-27516 | — | 0.00 | — | 0.02 | Feb 21, 2021 | URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. | ||
| CVE-2020-14343 | — | 0.00 | — | 0.06 | Feb 9, 2021 | A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process… | ||
| CVE-2021-26540 | — | 0.00 | — | 0.02 | Feb 8, 2021 | Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src… | ||
| CVE-2021-26539 | — | 0.00 | — | 0.02 | Feb 8, 2021 | Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option. | ||
| CVE-2020-8568 | — | 0.00 | — | 0.01 | Jan 21, 2021 | Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under… | ||
| CVE-2021-3028 | — | 0.00 | — | 0.03 | Jan 13, 2021 | git-big-picture before 1.0.0 mishandles ' characters in a branch name, leading to code execution. | ||
| CVE-2021-21606 | 0.00 | — | 0.01 | Jan 13, 2021 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path. | |||
| CVE-2021-21605 | 0.00 | — | 0.02 | Jan 13, 2021 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file. | |||
| CVE-2021-3121 | — | 0.00 | — | 0.03 | Jan 11, 2021 | An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue. | ||
| CVE-2020-35909 | — | 0.00 | — | 0.01 | Dec 31, 2020 | An issue was discovered in the multihash crate before 0.11.3 for Rust. The from_slice parsing code can panic via unsanitized data from a network server. | ||
| CVE-2020-35918 | — | 0.00 | — | 0.00 | Dec 31, 2020 | An issue was discovered in the branca crate before 0.10.0 for Rust. Decoding tokens (with invalid base62 data) can panic. | ||
| CVE-2020-26291 | 0.00 | — | 0.02 | Dec 30, 2020 | URI.js is a javascript URL mutation library (npm package urijs). In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash (`\`) character followed by an at (`@`) character. If the hostname is used in security decisions, the decision may be incorrect.… | |||
| CVE-2020-7791 | — | 0.00 | — | 0.03 | Dec 11, 2020 | This affects the package i18n before 2.1.15. Vulnerability arises out of insufficient handling of erroneous language tags in src/i18n/Concrete/TextLocalizer.cs and src/i18n/LocalizedApplication.cs. | ||
| CVE-2020-26270 | 0.00 | — | 0.00 | Dec 10, 2020 | In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the… | |||
| CVE-2020-28923 | — | 0.00 | — | 0.01 | Dec 3, 2020 | An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or… | ||
| CVE-2020-5680 | 0.00 | — | 0.01 | Dec 3, 2020 | Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector. | |||
| CVE-2020-26243 | 0.00 | — | 0.03 | Nov 25, 2020 | Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the… | |||
| CVE-2020-26890 | — | 0.00 | — | 0.03 | Nov 24, 2020 | Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event… | ||
| CVE-2020-7774 | — | 0.00 | — | 0.69 | Nov 17, 2020 | The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. | ||
| CVE-2019-17566 | — | 0.00 | — | 0.11 | Nov 12, 2020 | Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. |
- CVE-2021-27516Feb 21, 2021risk 0.00cvss —epss 0.02
URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
- CVE-2020-14343Feb 9, 2021risk 0.00cvss —epss 0.06
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process…
- CVE-2021-26540Feb 8, 2021risk 0.00cvss —epss 0.02
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src…
- CVE-2021-26539Feb 8, 2021risk 0.00cvss —epss 0.02
Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.
- CVE-2020-8568Jan 21, 2021risk 0.00cvss —epss 0.01
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under…
- CVE-2021-3028Jan 13, 2021risk 0.00cvss —epss 0.03
git-big-picture before 1.0.0 mishandles ' characters in a branch name, leading to code execution.
- CVE-2021-21606Jan 13, 2021risk 0.00cvss —epss 0.01
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path.
- CVE-2021-21605Jan 13, 2021risk 0.00cvss —epss 0.02
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file.
- CVE-2021-3121Jan 11, 2021risk 0.00cvss —epss 0.03
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
- CVE-2020-35909Dec 31, 2020risk 0.00cvss —epss 0.01
An issue was discovered in the multihash crate before 0.11.3 for Rust. The from_slice parsing code can panic via unsanitized data from a network server.
- CVE-2020-35918Dec 31, 2020risk 0.00cvss —epss 0.00
An issue was discovered in the branca crate before 0.10.0 for Rust. Decoding tokens (with invalid base62 data) can panic.
- CVE-2020-26291Dec 30, 2020risk 0.00cvss —epss 0.02
URI.js is a javascript URL mutation library (npm package urijs). In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash (`\`) character followed by an at (`@`) character. If the hostname is used in security decisions, the decision may be incorrect.…
- CVE-2020-7791Dec 11, 2020risk 0.00cvss —epss 0.03
This affects the package i18n before 2.1.15. Vulnerability arises out of insufficient handling of erroneous language tags in src/i18n/Concrete/TextLocalizer.cs and src/i18n/LocalizedApplication.cs.
- CVE-2020-26270Dec 10, 2020risk 0.00cvss —epss 0.00
In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the…
- CVE-2020-28923Dec 3, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or…
- CVE-2020-5680Dec 3, 2020risk 0.00cvss —epss 0.01
Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector.
- CVE-2020-26243Nov 25, 2020risk 0.00cvss —epss 0.03
Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the…
- CVE-2020-26890Nov 24, 2020risk 0.00cvss —epss 0.03
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event…
- CVE-2020-7774Nov 17, 2020risk 0.00cvss —epss 0.69
The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.
- CVE-2019-17566Nov 12, 2020risk 0.00cvss —epss 0.11
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.