CWE-75
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Description
The product does not adequately filter user-controlled input for special elements with control implications.
Top Monitored CVEs
Consequences
Integrity, Confidentiality, Availability
—
Modify Application Data, Execute Unauthorized Code or Commands
Mitigations
Phase: Requirements
Programming languages and supporting technologies might be chosen which are not subject to these issues.
Phase: Implementation
Utilize an appropriate mix of allowlist and denylist parsing to filter special element syntax from all input.