CWE-349 在可信数据中接受外来的不可信数据

Acceptance of Extraneous Untrusted Data With Trusted Data

结构: Simple

Abstraction: Base

状态: Draft

被利用可能性: unkown


The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.


  • cwe_Nature: ChildOf cwe_CWE_ID: 345 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 345 cwe_View_ID: 699 cwe_Ordinal: Primary


Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}


范围 影响 注释
['Access Control', 'Integrity'] ['Bypass Protection Mechanism', 'Modify Application Data'] An attacker could package untrusted data with trusted data to bypass protection mechanisms to gain access to and possibly modify sensitive data.


标识 说明 链接


映射的分类名 ImNode ID Fit Mapped Node Name
PLOVER Untrusted Data Appended with Trusted Data
The CERT Oracle Secure Coding Standard for Java (2011) ENV01-J Place all security-sensitive code in a single JAR and sign and seal it


  • CAPEC-141
  • CAPEC-142
  • CAPEC-75