Categories
CWE | NAME | DESCRIPTION | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|---|
CWE-36 | Absolute Path Traversal | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as /abs/path that can resolve to a location that is outside of that directory. | 0 | 2 | 4 | 0 | 6 | |
CWE-297 | Improper Validation of Certificate with Host Mismatch | The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host. | 0 | 4 | 2 | 0 | 6 | |
CWE-822 | Untrusted Pointer Dereference | The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer. | 0 | 1 | 5 | 0 | 6 | |
CWE-24 | Path Traversal: '../filedir' | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ../ sequences that can resolve to a location that is outside of that directory. | 0 | 4 | 0 | 2 | 6 | |
CWE-204 | Response Discrepancy Information Exposure | The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. | 0 | 6 | 0 | 0 | 6 | |
CWE-441 | Unintended Proxy or Intermediary ('Confused Deputy') | The software receives a request, message, or directive from an upstream component, but the software does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the software's control sphere. This causes the software to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor. | 0 | 3 | 1 | 1 | 5 | |
CWE-117 | Improper Output Neutralization for Logs | The software does not neutralize or incorrectly neutralizes output that is written to logs. | 0 | 4 | 1 | 0 | 5 | |
CWE-35 | Path Traversal: '.../...//' | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. | 0 | 2 | 3 | 0 | 5 | |
CWE-201 | Information Exposure Through Sent Data | The code transmits data to another actor, but the data contains sensitive information that should not be accessible to the actor that is receiving the data. | 0 | 4 | 1 | 0 | 5 | |
CWE-321 | Use of Hard-coded Cryptographic Key | The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered. | 0 | 3 | 2 | 0 | 5 | |