CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes

Description

The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.

Submission Date :

Jan. 26, 2013, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE
Extended Description

If the object contains attributes that were only intended for internal use, then their unexpected modification could lead to a vulnerability.

This weakness is sometimes known by the language-specific mechanisms that make it possible, such as mass assignment, autobinding, or object injection.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-502: Deserialization of Untrusted Data
Go to
CWE-913: Improper Control of Dynamically-Managed Code Resources
Go to
CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Go to

Visit http://cwe.mitre.org/ for more details.

© cvefeed.io
Latest DB Update: Nov. 21, 2024 22:37