Base weakness
Incomplete
CWE-1085: Invokable Control Element with Excessive Volume of Commented-out Code
A function, method, procedure, etc. contains an excessive amount of code that has been commented out within its body.
0
Recorded CVEs
With this primary weakness
0
KEVs
In the CISA KEV catalog
Not rated
Likelihood of exploit
Per MITRE
Base
Abstraction
MITRE classification
Overview
While the interpretation of "excessive volume" may vary for each product or developer, CISQ recommends a default threshold of 2% of commented code.
Common consequences
What can happen when CWE-1085 is exploited.