Base weakness
Draft
CWE-625: Permissive Regular Expression
The product uses a regular expression that does not sufficiently restrict the set of allowed values.
7
Recorded CVEs
With this primary weakness
0
KEVs
In the CISA KEV catalog
Not rated
Likelihood of exploit
Per MITRE
Base
Abstraction
MITRE classification
Overview
This effectively causes the regexp to accept substrings that match the pattern, which produces a partial comparison to the target. In some cases, this can lead to other weaknesses. Common errors include: not identifying the beginning and end of the target string using wildcards instead of acceptable character ranges others