Class weakness

Incomplete

CWE-1395: Dependency on Vulnerable Third-Party Component

The product has a dependency on a third-party component that contains one or more known vulnerabilities.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Class

Abstraction

MITRE classification

Overview

Many products are large enough or complex enough that part of their functionality uses libraries, modules, or other intellectual property developed by third parties who are not the product creator. For example, even an entire operating system might be from a third-party supplier in some hardware products. Whether open or closed source, these components may contain publicly known vulnerabilities or hidden functionality such as malware that could be exploited by adversaries to compromise the product.

CWE-1395: Dependency on Vulnerable Third-Party Component

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Analysis

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-1395?

What CVEs are caused by CWE-1395?

How do you prevent CWE-1395?

How is CWE-1395 detected?

What are the consequences of CWE-1395?

Is CWE-1395 actively exploited?

References

Stay ahead of CWE-1395

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-1395?

What CVEs are caused by CWE-1395?

How do you prevent CWE-1395?

How is CWE-1395 detected?

What are the consequences of CWE-1395?

Is CWE-1395 actively exploited?

References

Stay ahead of CWE-1395