CWE-75
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Description
The product does not adequately filter user-controlled input for special elements with control implications.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-81 · CAPEC-93
CVEs mapped to this weakness (21)
page 1 of 2| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-37779 | Hig | 0.58 | 8.8 | 0.01 | Sep 23, 2024 | WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality. | ||
| CVE-2026-31908 | Cri | 0.52 | 9.1 | 0.01 | Apr 14, 2026 | Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which… | ||
| CVE-2024-23274 | Hig | 0.51 | 7.8 | 0.00 | Mar 8, 2024 | An injection issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to elevate privileges. | ||
| CVE-2024-23268 | Hig | 0.51 | 7.8 | 0.00 | Mar 8, 2024 | An injection issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to elevate privileges. | ||
| CVE-2024-24257 | — | Hig | 0.49 | 7.5 | 0.00 | Jul 26, 2024 | An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information via a crafted script to the csl/user component. | |
| CVE-2024-21503 | Med | 0.28 | 5.3 | 0.01 | Mar 19, 2024 | Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of… | ||
| CVE-2016-9471 | Low | 0.20 | 3.1 | 0.01 | Mar 28, 2017 | Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the… | ||
| CVE-2021-39174 | 0.04 | — | 0.04 | Aug 27, 2021 | Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email,… | |||
| CVE-2026-29042 | 0.00 | — | 0.02 | Mar 6, 2026 | Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime… | |||
| CVE-2026-27120 | — | 0.00 | — | 0.00 | Feb 20, 2026 | Leafkit is a templating language with Swift-inspired syntax. Prior to 1.4.1, htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the… | ||
| CVE-2025-61911 | — | 0.00 | — | 0.00 | Oct 10, 2025 | python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked to skip escaping of special characters when a crafted `list` or `dict` is supplied as the… | ||
| CVE-2025-50213 | 0.00 | — | 0.01 | Jun 24, 2025 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitation of table and stage parameters were added… | |||
| CVE-2024-29686 | — | 0.00 | — | 0.02 | Mar 29, 2024 | Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted… | ||
| CVE-2023-6134 | 0.00 | — | 0.01 | Dec 14, 2023 | A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the… | |||
| CVE-2023-40743 | 0.00 | — | 0.02 | Sep 5, 2023 | ** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API… | |||
| CVE-2023-1758 | — | 0.00 | — | 0.01 | Apr 5, 2023 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||
| CVE-2022-4721 | — | 0.00 | — | 0.00 | Dec 23, 2022 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository ikus060/rdiffweb prior to 2.5.5. | ||
| CVE-2022-3607 | 0.00 | — | 0.00 | Oct 19, 2022 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3. | |||
| CVE-2021-23562 | — | 0.00 | — | 0.01 | Dec 3, 2021 | This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file. | ||
| CVE-2021-32798 | 0.00 | — | 0.02 | Aug 9, 2021 | The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an… |
- risk 0.58cvss 8.8epss 0.01
WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality.
- risk 0.52cvss 9.1epss 0.01
Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which…
- risk 0.51cvss 7.8epss 0.00
An injection issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.
- risk 0.51cvss 7.8epss 0.00
An injection issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.
- risk 0.49cvss 7.5epss 0.00
An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information via a crafted script to the csl/user component.
- risk 0.28cvss 5.3epss 0.01
Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of…
- risk 0.20cvss 3.1epss 0.01
Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the…
- CVE-2021-39174Aug 27, 2021risk 0.04cvss —epss 0.04
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email,…
- CVE-2026-29042Mar 6, 2026risk 0.00cvss —epss 0.02
Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime…
- CVE-2026-27120Feb 20, 2026risk 0.00cvss —epss 0.00
Leafkit is a templating language with Swift-inspired syntax. Prior to 1.4.1, htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the…
- CVE-2025-61911Oct 10, 2025risk 0.00cvss —epss 0.00
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked to skip escaping of special characters when a crafted `list` or `dict` is supplied as the…
- CVE-2025-50213Jun 24, 2025risk 0.00cvss —epss 0.01
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitation of table and stage parameters were added…
- CVE-2024-29686Mar 29, 2024risk 0.00cvss —epss 0.02
Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted…
- CVE-2023-6134Dec 14, 2023risk 0.00cvss —epss 0.01
A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the…
- CVE-2023-40743Sep 5, 2023risk 0.00cvss —epss 0.02
** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API…
- CVE-2023-1758Apr 5, 2023risk 0.00cvss —epss 0.01
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
- CVE-2022-4721Dec 23, 2022risk 0.00cvss —epss 0.00
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository ikus060/rdiffweb prior to 2.5.5.
- CVE-2022-3607Oct 19, 2022risk 0.00cvss —epss 0.00
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3.
- CVE-2021-23562Dec 3, 2021risk 0.00cvss —epss 0.01
This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.
- CVE-2021-32798Aug 9, 2021risk 0.00cvss —epss 0.02
The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an…