VYPR

CWE-829

Inclusion of Functionality from Untrusted Control Sphere

BaseIncomplete

Description

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-175 · CAPEC-201 · CAPEC-228 · CAPEC-251 · CAPEC-252 · CAPEC-253 · CAPEC-263 · CAPEC-538 · CAPEC-549 · CAPEC-640 · CAPEC-660 · CAPEC-695 · CAPEC-698

CVEs mapped to this weakness (143)

page 8 of 8
  • CVE-2019-13589Jul 14, 2019
    risk 0.00cvss epss 0.04

    The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.1.5.

  • CVE-2019-10248Apr 22, 2019
    risk 0.00cvss epss 0.00

    Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.

  • CVE-2019-10240Apr 3, 2019
    risk 0.00cvss epss 0.00

    Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.