Category: SFP Primary Cluster: Tainted Input
Incomplete
Summary
This category identifies Software Fault Patterns (SFPs) within the Tainted Input cluster (SFP24, SFP25, SFP26, SFP27).
Membership
| ID | Name | Description |
|---|---|---|
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |
| CWE-990 | SFP Secondary Cluster: Tainted Input to Command | This category identifies Software Fault Patterns (SFPs) within the Tainted Input to Command cluster (SFP24). |
| CWE-991 | SFP Secondary Cluster: Tainted Input to Environment | This category identifies Software Fault Patterns (SFPs) within the Tainted Input to Environment cluster (SFP27). |
| CWE-992 | SFP Secondary Cluster: Faulty Input Transformation | This category identifies Software Fault Patterns (SFPs) within the Faulty Input Transformation cluster. |
| CWE-993 | SFP Secondary Cluster: Incorrect Input Handling | This category identifies Software Fault Patterns (SFPs) within the Incorrect Input Handling cluster. |
| CWE-994 | SFP Secondary Cluster: Tainted Input to Variable | This category identifies Software Fault Patterns (SFPs) within the Tainted Input to Variable cluster (SFP25). |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.