VYPR

CWE-349

Acceptance of Extraneous Untrusted Data With Trusted Data

Base · Draft

Description

The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-141 · CAPEC-142 · CAPEC-75

CVEs mapped to this weakness (26)

page 2 of 2
  • CVE-2024-46982 · Sep 17, 2024
    risk 0.00 · cvss · epss 0.61

    Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent…

  • CVE-2023-46446 · Nov 14, 2023
    risk 0.00 · cvss · epss 0.01

    An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."

  • CVE-2023-46445 · Nov 14, 2023
    risk 0.00 · cvss · epss 0.01

    An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."

  • CVE-2023-5548 · Nov 9, 2023
    risk 0.00 · cvss · epss 0.00

    Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.

  • CVE-2014-1418 · May 16, 2014
    risk 0.00 · cvss · epss 0.03

    Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from…

  • CVE-2011-4139 · Oct 19, 2011
    risk 0.00 · cvss · epss 0.02

    Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request.