CWE-138: Improper Neutralization of Special Elements

Description

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as control elements or syntactic markers when they are sent to a downstream component.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE
Extended Description

Most languages and protocols have their own special elements such as characters and reserved words. These special elements can carry control implications. If product does not prevent external control or influence over the inclusion of such special elements, the control flow of the program may be altered from what was intended. For example, both Unix and Windows interpret the symbol < ("less than") as meaning "read input from a file".

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-140: Improper Neutralization of Delimiters
Go to
CWE-147: Improper Neutralization of Input Terminators
Go to
CWE-148: Improper Neutralization of Input Leaders
Go to
CWE-149: Improper Neutralization of Quoting Syntax
Go to
CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences
Go to
CWE-151: Improper Neutralization of Comment Delimiters
Go to
CWE-152: Improper Neutralization of Macro Symbols
Go to
CWE-153: Improper Neutralization of Substitution Characters
Go to
CWE-154: Improper Neutralization of Variable Name Delimiters
Go to
CWE-155: Improper Neutralization of Wildcards or Matching Symbols
Go to
CWE-156: Improper Neutralization of Whitespace
Go to
CWE-157: Failure to Sanitize Paired Delimiters
Go to
CWE-158: Improper Neutralization of Null Byte or NUL Character
Go to
CWE-159: Improper Handling of Invalid Use of Special Elements
Go to
CWE-160: Improper Neutralization of Leading Special Elements
Go to
CWE-162: Improper Neutralization of Trailing Special Elements
Go to
CWE-164: Improper Neutralization of Internal Special Elements
Go to
CWE-464: Addition of Data Structure Sentinel
Go to
CWE-707: Improper Neutralization
Go to
CWE-790: Improper Filtering of Special Elements
Go to

Visit http://cwe.mitre.org/ for more details.