logo

CWE-625 - Permissive Regular Expression

CWE-625

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Permissive Regular Expression

Description

The product uses a regular expression that does not sufficiently restrict the set of allowed values.

This effectively causes the regexp to accept substrings that match the pattern, which produces a partial comparison to the target. In some cases, this can lead to other weaknesses. Common errors include:

Common Consequences

Scope: Access Control

Impact: Bypass Protection Mechanism

Related Weaknesses
  • Release Date:
  • 2007-05-07
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website