CWE-494 - Download of Code Without Integrity Check

CWE-494 Medium

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Download of Code Without Integrity Check

Description: The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.

Common Consequences: Scope: Integrity, Availability, Confidentiality, Other
Impact: Execute Unauthorized Code or Commands, Alter Execution Logic, Other
Notes: Executing untrusted code could compromise the control flow of the program. The untrusted code could execute attacker-controlled commands, read or modify sensitive resources, or prevent the software from functioning correctly for legitimate users.

Related Weaknesses

CWE-345Insufficient Verification of Data Authenticity

CWE-669Incorrect Resource Transfer Between Spheres

Release Date:
2006-07-19

Latest Modification Date:
2024-02-29

Free security scan for your website

Don't show website scan report rating on the leaderboard