CWE-794: Incomplete Filtering of Multiple Instances of Special Elements

The product receives data from an upstream component, but does not filter all instances of a special element before sending it to a downstream component.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

Incomplete filtering of this nature may be applied to: sequential elements (special elements that appear next to each other) or non-sequential elements (special elements that appear multiple times in different locations).

CWE-794: Incomplete Filtering of Multiple Instances of Special Elements

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Code examples

Frequently asked questions

What is CWE-794?

What CVEs are caused by CWE-794?

What are the consequences of CWE-794?

Is CWE-794 actively exploited?

References

Stay ahead of CWE-794

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Code examples

Related weaknesses

Parent

Frequently asked questions

What is CWE-794?

What CVEs are caused by CWE-794?

What are the consequences of CWE-794?

Is CWE-794 actively exploited?

References

Stay ahead of CWE-794