CWE-20 (Improper Input Validation)

GPTKB entity

Statements (30)
Predicate               Object
gptkbp:instanceOf       gptkb:Common_Weakness_Enumeration
gptkbp:category         Software Weakness
gptkbp:cause            gptkb:Privilege_Escalation
                        gptkb:Denial_of_Service
                        Data Corruption
                        Code Execution
                        Security Vulnerability
gptkbp:citation         https://cwe.mitre.org/data/definitions/20.html
gptkbp:describedBy      gptkb:MITRE_CWE
gptkbp:describes        The software does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
gptkbp:example          Accepting untrusted data without checks
                        Not validating user-supplied file names
                        Not checking input length before copying to a buffer
gptkbp:firstPublished   2006
https://www.w3.org/2000/01/rdf-schema#label  CWE-20 (Improper Input Validation)
gptkbp:maintainedBy     gptkb:MITRE_Corporation
gptkbp:name             Improper Input Validation
gptkbp:parent           CWE-1 (Software Weaknesses)
gptkbp:prevention       Sanitize input
                        Use allow-lists
                        Validate all input
gptkbp:relatedTo        gptkb:CWE-119_(Buffer_Overflow)
                        gptkb:CWE-79_(Cross-site_Scripting)
                        gptkb:CWE-89_(SQL_Injection)
gptkbp:usedIn           Vulnerability Assessment
                        Security Audits
                        Static Analysis Tools
gptkbp:vulnerableTo     gptkb:CWE-20
gptkbp:bfsParent        gptkb:Common_Weakness_Enumeration_(CWE)
gptkbp:bfsLayer         7