CWE-157: Failure to Sanitize Paired Delimiters

ID: CWE-157
Abstraction: Variant
Structure: Simple
Status: Draft
The product does not properly handle the characters that are used to mark the beginning and ending of a group of entities, such as parentheses, brackets, and braces.

Paired delimiters might include:

  • < and > angle brackets
  • ( and ) parentheses
  • { and } braces
  • [ and ] square brackets
  • " " double quotes
  • ' ' single quotes
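One way to check untrusted input for the paired delimiters listed above before it reaches a parser or interpreter. This is an added example, not part of the CWE entry; the function name is hypothetical, and it assumes a grammar where text inside quotes is literal and there are no escape sequences.

```python
# Added example: stack-based check for the delimiter pairs this entry lists.
# Assumptions (not from the entry): quoted text is literal, no escape
# sequences exist, and the field must be fully balanced to be accepted.
OPENERS = {"<": ">", "(": ")", "{": "}", "[": "]"}
CLOSERS = set(OPENERS.values())
QUOTES = {'"', "'"}


def find_unpaired_delimiter(text):
    """Return None when every delimiter is paired and properly nested.

    Otherwise return (index, character, reason) for the first problem found.
    """
    stack = []    # (expected closer, index of opener, opener character)
    quote = None  # (quote character, index) while inside a quoted run
    for i, ch in enumerate(text):
        if quote:
            # Inside quotes only the matching quote character is significant.
            if ch == quote[0]:
                quote = None
            continue
        if ch in QUOTES:
            quote = (ch, i)
        elif ch in OPENERS:
            stack.append((OPENERS[ch], i, ch))
        elif ch in CLOSERS:
            if not stack:
                return (i, ch, "closer without opener")
            expected, _, _ = stack.pop()
            if ch != expected:
                return (i, ch, "mismatched closer")
    if quote:
        return (quote[1], quote[0], "unterminated quote")
    if stack:
        _, idx, opener = stack[-1]  # innermost opener left open
        return (idx, opener, "opener never closed")
    return None


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["f(a[0], {x: 'y)'})", "report) (draft", "(a]", 'say "hi', "<b"]:
        print(repr(sample), "->", find_unpaired_delimiter(sample))
```

Free-text fields that legitimately contain apostrophes will be reported as unterminated quotes, so apply a check like this only to fields whose grammar actually uses these characters as delimiters.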

Modes of Introduction

Phase: Implementation

Applicable Platforms

Type Class Name Prevalence
Language Not Language-Specific

Relationships

View: CWE-1000 Research Concepts (Status: Draft)
Weakness: CWE-138 Improper Neutralization of Special Elements (Abstraction: Class, Structure: Simple, Status: Draft)

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
CAPEC-15: Command Delimiters (Weaknesses: CWE-157)