Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

Abstraction: Class
Structure: Simple
Status: Draft
Description

The product does not adequately filter user-controlled input for special elements with control implications.

Common Consequences
Scope: Integrity, Confidentiality, Availability

Impact: Modify Application Data; Execute Unauthorized Code or Commands

Potential Mitigations
Phase: Requirements
Choose programming languages and supporting technologies that are not subject to these issues.
Phase: Implementation
Utilize an appropriate mix of allowlist and denylist parsing to filter special element syntax from all input.
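As an added illustration of the implementation-phase mitigation above (example code, not part of the CWE entry), the following Python validator applies an allowlist wherever a field's legal shape is known and falls back to a per-plane denylist only for free-form fields; the field names, patterns and denylisted characters are assumptions constructed for this example.

```python
import re

# Allowlists for fields whose legal shape is known: anything outside the
# pattern is rejected, so no knowledge of the destination plane is needed.
ALLOWLIST = {
    "username": re.compile(r"[A-Za-z0-9_.-]{1,32}"),
    "hostname": re.compile(r"[A-Za-z0-9-]{1,63}(\.[A-Za-z0-9-]{1,63})*"),
}

# Denylists of special elements with control implications in the plane a
# free-form value is about to enter. Constructed for this example; a real
# deployment derives them from the actual interpreter or format.
DENYLIST = {
    "shell": set(";|&$`<>\\\"'\n\r"),   # separators, substitution, quoting
    "header": set("\r\n"),              # CRLF would start a new HTTP header
    "log": set("\n\r\x1b"),             # newline/ESC would forge or hide entries
}

class SpecialElementError(ValueError):
    """Raised when input would cross from the data plane into the control plane."""

def filter_special_elements(field: str, value: str, plane: str) -> str:
    """Return value unchanged if it is safe for `plane`, otherwise raise.

    Allowlist first: a field with a known shape is checked against it and the
    denylist is never consulted. Only free-form fields fall back to the plane's
    denylist, the weaker control, since it names only anticipated elements.
    """
    pattern = ALLOWLIST.get(field)
    if pattern is not None:
        if not pattern.fullmatch(value):
            raise SpecialElementError(f"{field}: does not match allowed shape")
        return value
    if plane not in DENYLIST:
        raise SpecialElementError(f"{plane}: no denylist defined for this plane")
    found = DENYLIST[plane] & set(value)
    if found:
        raise SpecialElementError(f"{field}: special elements {sorted(found)}")
    return value

def is_accepted(field: str, value: str, plane: str) -> bool:
    """True if the value passes the filter, False if it was rejected."""
    try:
        filter_special_elements(field, value, plane)
        return True
    except SpecialElementError:
        return False
```

Note that the same free-form value can be acceptable for one plane and rejected for another, which is why the destination plane is an explicit parameter rather than a global setting.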
Applicable Platforms
Languages:
Not Language-Specific (Undetermined Prevalence)
Modes of Introduction
Phase: Implementation
Taxonomy Mapping
  • PLOVER