CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

CWE-93

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Improper Neutralization of CRLF Sequences ('CRLF Injection')

Description: The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

Common Consequences: Scope: Integrity
Impact: Modify Application Data

Related Weaknesses

CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')High

CWE-117Improper Output Neutralization for LogsMedium

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard