CWE-20 (Improper Input Validation)
GPTKB entity
Statements (30)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:Common_Weakness_Enumeration
|
| gptkbp:category |
Software Weakness
|
| gptkbp:cause |
gptkb:Privilege_Escalation
gptkb:Denial_of_Service Data Corruption Code Execution Security Vulnerability |
| gptkbp:citation |
https://cwe.mitre.org/data/definitions/20.html
|
| gptkbp:describedBy |
gptkb:MITRE_CWE
|
| gptkbp:describes |
The software does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
|
| gptkbp:example |
Accepting untrusted data without checks
Not validating user-supplied file names Not checking input length before copying to a buffer |
| gptkbp:firstPublished |
2006
|
| https://www.w3.org/2000/01/rdf-schema#label |
CWE-20 (Improper Input Validation)
|
| gptkbp:maintainedBy |
gptkb:MITRE_Corporation
|
| gptkbp:name |
Improper Input Validation
|
| gptkbp:parent |
CWE-1 (Software Weaknesses)
|
| gptkbp:prevention |
Sanitize input
Use allow-lists Validate all input |
| gptkbp:relatedTo |
gptkb:CWE-119_(Buffer_Overflow)
gptkb:CWE-79_(Cross-site_Scripting) gptkb:CWE-89_(SQL_Injection) |
| gptkbp:usedIn |
Vulnerability Assessment
Security Audits Static Analysis Tools |
| gptkbp:vulnerableTo |
gptkb:CWE-20
|
| gptkbp:bfsParent |
gptkb:Common_Weakness_Enumeration_(CWE)
|
| gptkbp:bfsLayer |
7
|