CWE-183 - Permissive List of Allowed Inputs

CWE-183

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Permissive List of Allowed Inputs

Description: The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.

Common Consequences: Scope: Access Control
Impact: Bypass Protection Mechanism

Related Weaknesses

CWE-434Unrestricted Upload of File with Dangerous TypeMedium

CWE-697Incorrect Comparison

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard