VYPR

CWE-794

Incomplete Filtering of Multiple Instances of Special Elements

VariantIncomplete

Description

The product receives data from an upstream component, but does not filter all instances of a special element before sending it to a downstream component.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (1)

  • CVE-2026-21876CriJan 8, 2026
    risk 0.57cvss 9.3epss 0.13

    The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a…