CWE-155 Individual Dictionary Definition (Draft 9)

| Weakness ID | 155 (Weakness Variant) |
| Status | Draft |
| Description | Summary: Wildcard or matching elements (e.g. '*') injected into an application through input can be used to compromise a system. As data is parsed, an injected element may cause the process to take unexpected actions. |
| Potential Mitigations | Developers should anticipate that wildcard or matching elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of black lists and white lists to ensure only valid, expected and appropriate input is processed by the system. |
| Observed Examples | |
| Research Gaps | Under-studied. |
| Relationships | |
| Source Taxonomies | PLOVER - Wildcard or Matching Element |
| Applicable Platforms | All |
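
The mitigation above, shown for one matching context as an added example that is not part of the CWE entry: a SQL `LIKE` prefix search in SQLite, where `%` and `_` are the matching elements. The table, sample rows, allowlist pattern and function names are all constructed for illustration.

```python
import re
import sqlite3

# Constructed sample data for the demonstration.
ROWS = [("alice", "alice@example.test"),
        ("bob", "bob@example.test"),
        ("a_b", "ab@example.test")]

# Allowlist for a username prefix (an assumption about what valid input looks like).
# It rejects '%' but must permit '_', which is also a LIKE wildcard.
ALLOWED = re.compile(r"[A-Za-z0-9_.\-]{1,32}")


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return db


def search_unsafe(db, prefix):
    # Parameter binding prevents SQL injection, but wildcards inside the
    # bound value are still interpreted by LIKE.
    cur = db.execute(
        "SELECT name FROM users WHERE name LIKE ? ORDER BY name",
        (prefix + "%",))
    return [row[0] for row in cur]


def escape_like(term, esc="\\"):
    # Escape the escape character first, then each matching element.
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def search_safe(db, prefix):
    # Step 1: allowlist validation rejects unexpected characters outright.
    if not ALLOWED.fullmatch(prefix):
        raise ValueError("prefix contains characters outside the allowlist")
    # Step 2: neutralize wildcards the allowlist has to permit ('_').
    cur = db.execute(
        "SELECT name FROM users WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        (escape_like(prefix) + "%",))
    return [row[0] for row in cur]
```

The allowlist alone is not enough here because `_` is both a legitimate username character and a single-character wildcard, so the escaping step is what makes it match literally.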