CWE-795: Only Filtering Special Elements at a Specified Location

The product receives data from an upstream component, but only accounts for special elements at a specified location, thereby missing remaining special elements that may exist before sending it to a downstream component.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

A filter might only account for instances of special elements when they occur: relative to a marker (e.g. "at the beginning/end of string; the second argument"), or at an absolute position (e.g. "byte number 10"). This may leave special elements in the data that did not match the filter position, but still may be dangerous.

CWE-795: Only Filtering Special Elements at a Specified Location

Overview

Common consequences

How it happens

When it is introduced

Code examples

Frequently asked questions

What is CWE-795?

What are the consequences of CWE-795?

References

Stay ahead of CWE-795

Overview

Common consequences

How it happens

When it is introduced

Code examples

Related weaknesses

Parent

Child

Frequently asked questions

What is CWE-795?

What are the consequences of CWE-795?

References

Stay ahead of CWE-795