CWE-913 动态管理代码资源的控制不恰当

Improper Control of Dynamically-Managed Code Resources

结构: Simple

Abstraction: Class

状态: Incomplete

被利用可能性: unkown


The software does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.


Many languages offer powerful features that allow the programmer to dynamically create or modify existing code, or resources used by code such as variables and objects. While these features can offer significant flexibility and reduce development time, they can be extremely dangerous if attackers can directly influence these code resources in unexpected ways.


  • cwe_Nature: ChildOf cwe_CWE_ID: 664 cwe_View_ID: 1000 cwe_Ordinal: Primary


范围 影响 注释
Integrity Execute Unauthorized Code or Commands
['Other', 'Integrity'] ['Varies by Context', 'Alter Execution Logic']



策略: Input Validation

For any externally-influenced input, check the input against a white list of acceptable values.

['Implementation', 'Architecture and Design']

策略: Refactoring

Refactor the code so that it does not need to be dynamically managed.