CWE-625 - Permissive Regular Expression

CWE-625

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Permissive Regular Expression

Description: The product uses a regular expression that does not sufficiently restrict the set of allowed values.
This effectively causes the regexp to accept substrings that match the pattern, which produces a partial comparison to the target. In some cases, this can lead to other weaknesses. Common errors include:

Common Consequences: Scope: Access Control
Impact: Bypass Protection Mechanism

Related Weaknesses

CWE-184Incomplete List of Disallowed Inputs

CWE-183Permissive List of Allowed Inputs

CWE-185Incorrect Regular Expression

CWE-187Partial String Comparison

Release Date:
2007-05-07

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard