CWE-914: Improper Control of Dynamically-Identified Variables
ID
CWE-914
Abstraction
Base
Structure
Simple
Status
Incomplete
Number of CVEs
1
The product does not properly restrict reading from or writing to dynamically-identified variables.
Many languages offer powerful features that allow the programmer to access arbitrary variables that are specified by an input string. While these features can offer significant flexibility and reduce development time, they can be extremely dangerous if attackers can modify unintended variables that have security implications.
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation |
Relationships
| View | Weakness | |||||||
|---|---|---|---|---|---|---|---|---|
| # ID | View | Status | # ID | Name | Abstraction | Structure | Status | |
| CWE-1000 | Research Concepts | Draft | CWE-99 | Improper Control of Resource Identifiers ('Resource Injection') | Class | Simple | Draft | |
| CWE-1000 | Research Concepts | Draft | CWE-913 | Improper Control of Dynamically-Managed Code Resources | Class | Simple | Incomplete | |
CVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...