VYPR

CWE-471

Modification of Assumed-Immutable Data (MAID)

BaseDraft

Description

The product does not properly protect an assumed-immutable element from being modified by an attacker.

This occurs when a particular input is critical enough to the functioning of the application that it should not be modifiable at all, but it is. Certain resources are often assumed to be immutable when they are not, such as hidden form fields in web applications, cookies, and reverse DNS lookups.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-384 · CAPEC-385 · CAPEC-386 · CAPEC-387 · CAPEC-388

CVEs mapped to this weakness (23)

page 2 of 2
  • CVE-2020-8147Apr 3, 2020
    risk 0.00cvss epss 0.03

    Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend.

  • CVE-2020-8116Feb 4, 2020
    risk 0.00cvss epss 0.03

    Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

  • CVE-2011-4301Jul 11, 2012
    risk 0.00cvss epss 0.02

    The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the…