CWE-20: Improper Input Validation. Improper input validation means that, when accepting user input, the input data is not correctly validated and filtered, which leads to security vulnerabilities. Developers should check input data for validity and reject or otherwise appropriately handle data that does not meet requirements, so that attackers cannot exploit input validation flaws. CWE-78: OS Command Injection (OS Command Injecti...
[1] CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer [2] CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') [3] CWE-20 Improper Input Validation [4] CWE-200 Information Exposure [5] CWE-125 Out-of-bounds Read [6] ...
4. Improper Input Validation (CWE-20) 5. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) 6. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) 7. Use After Free (CWE-416) ...
CWE-94: improper control of code generation (code injection). Severity score: 3.32. CWE Examples: Which Are the Most Dangerous CWEs? Following are three vulnerabilities from the CWE Top 25 which present a serious security risk. Invalid Input Validation (CWE-20) This vulnerability re...
CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output CWE-89: Failure to Preserve SQL Query Structure (aka 'SQL Injection') CWE-79: Failure to Preserve Web Page Structure (aka 'Cross-site Scripting') CWE-78: Failure to Preserve OS Command Structure (aka 'OS ...
For example, CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-20 (Improper Input Validation) and CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) moved down a few places, while CWE-79 (Improper Neutralization of Input During Web Page Generation) and CWE-787 (Out-of-bounds ...
CWE-1426: Improper Validation of Generative AI Output draws mainly on LLM02: Insecure Output Handling from the OWASP LLM Top 10. LLM02 gives a fuller description of this weakness. Insecure output handling refers specifically to insufficient validation, sanitization and handling of outputs generated by large language models before those outputs are passed to other downstream components and systems. Because...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 45.97 2 C#:V5610 3 CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 22,11 7 C#:V5608 4 CWE-20 Improper Input Validation ...
Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal CWE-24: Path Traversal: '../filedir' CWE-25: Path Traversal: '/../filedir' CWE-26: Path Traversal: '/dir/../filename' CWE-27: Path Traver...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Structure: Simple Abstraction: Base Status: Stable Likelihood of Exploit: High Description The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page...