CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Description
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-101 · CAPEC-105 · CAPEC-108 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-14 · CAPEC-24 · CAPEC-250 · CAPEC-267 · CAPEC-273 · CAPEC-28 · CAPEC-3 · CAPEC-34 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-51 · CAPEC-52 · CAPEC-53 · CAPEC-6 · CAPEC-64 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-76 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-83 · CAPEC-84 · CAPEC-9
CVEs mapped to this weakness (3,064)
Page 148 of 154

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-26543 | — | | 0.00 | — | 0.04 | | May 6, 2021 | The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. The issue has been resolved in version 1.0.5. |
| CVE-2021-31164 | — | | 0.00 | — | 0.03 | | May 4, 2021 | Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements. |
| CVE-2021-21333 | | | 0.00 | — | 0.00 | | Mar 26, 2021 | Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the notification emails sent for notifications for missed messages or for an expiring… |
| CVE-2021-27908 | | | 0.00 | — | 0.00 | | Mar 23, 2021 | In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic's configuration that are used in publicly facing… |
| CVE-2021-21353 | | | 0.00 | — | 0.02 | | Mar 3, 2021 | Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug… |
| CVE-2021-21316 | | | 0.00 | — | 0.00 | | Feb 16, 2021 | less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources (i.e. `*.less` files) with less-openui5 that originate from an untrusted source, those resources might contain JavaScript… |
| CVE-2021-23335 | — | | 0.00 | — | 0.00 | | Feb 11, 2021 | All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure. |
| CVE-2021-27185 | — | | 0.00 | — | 0.19 | | Feb 10, 2021 | The samba-client package before 4.0.0 for Node.js allows command injection because of the use of process.exec. |
| CVE-2021-21479 | — | | 0.00 | — | 0.78 | | Feb 9, 2021 | In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system. |
| CVE-2021-21305 | | | 0.00 | — | 0.03 | | Feb 8, 2021 | CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "#manipulate!" method inappropriately evals the content of mutation… |
| CVE-2020-7786 | — | | 0.00 | — | 0.01 | | Feb 8, 2021 | This affects all versions of package macfromip. The injection point is located in line 66 in macfromip.js. |
| CVE-2020-7782 | — | | 0.00 | — | 0.01 | | Feb 8, 2021 | This affects all versions of package spritesheet-js. It depends on a vulnerable package platform-command. The injection point is located in line 32 in lib/generator.js, which is triggered by main entry of the package. |
| CVE-2021-21303 | | | 0.00 | — | 0.00 | | Feb 5, 2021 | Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from… |
| CVE-2021-21277 | | | 0.00 | — | 0.00 | | Feb 1, 2021 | angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compile(userControlledInput)" where… |
| CVE-2021-21278 | | | 0.00 | — | 0.00 | | Jan 26, 2021 | RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning) there is a risk of code injection. Some routes use `eval` or `Function constructor`, which may be injected by the target site with unsafe code,… |
| CVE-2021-21263 | | | 0.00 | — | 0.01 | | Jan 19, 2021 | Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a… |
| CVE-2020-26298 | — | | 0.00 | — | 0.01 | | Jan 11, 2021 | Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when… |
| CVE-2020-28468 | — | | 0.00 | — | 0.05 | | Jan 8, 2021 | This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution. |
| CVE-2020-26293 | | | 0.00 | — | 0.00 | | Jan 4, 2021 | HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if style tag is allowed. If you have explicitly allowed the `` tag, an attacker… |
| CVE-2020-26282 | | | 0.00 | — | 0.02 | | Dec 24, 2020 | BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. BrowserUp Proxy works well as a standalone proxy server, but it is especially useful when embedded in Selenium tests. A Server-Side Template… |