CWE-182: Collapse of Data into Unsafe Value
Abstraction: Base. Status: Draft. Recent CVEs: 0.
Description
The product filters data in a way that causes it to be reduced or "collapsed" into an unsafe value that violates an expected security property.
Common consequences
- Access Control → Bypass Protection Mechanism
Potential mitigations
- Architecture and Design: Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names.
- Implementation: Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
- Implementation: Canonicalize the name to match that of the file system's representation of the name. This can sometimes be achieved with an available API (e.g. in Win32 the GetFullPathName function).
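As an added illustration that is not part of the CWE entry, the following Python shows a path filter that collapses its input into the very traversal sequence it meant to remove, beside the canonicalize-then-validate approach the mitigations describe. The base directory and sample paths are constructed for the example.

```python
"""CWE-182 illustrated with a path filter (constructed example).

A single-pass strip of "../" turns "..././secret.txt" (a harmless name
under POSIX, where "..." is an ordinary directory name) into
"../secret.txt": the filter itself manufactures the unsafe value.
The hardened path canonicalizes first and validates the result (CWE-180)
instead of deciding anything from the raw name.
"""
import posixpath
from typing import Optional


def strip_dotdot_once(user_path: str) -> str:
    """Vulnerable filter: removes every "../" in one left-to-right pass.
    Deleting the inner "../" of "..././secret.txt" leaves "../secret.txt"."""
    return user_path.replace("../", "")


def canonicalize(base_dir: str, user_path: str) -> str:
    """Resolve user_path under base_dir into one normalized absolute path.
    posixpath.normpath keeps this runnable offline; against a live file
    system use os.path.realpath so symlinks are resolved as well (the
    GetFullPathName advice above)."""
    return posixpath.normpath(posixpath.join(base_dir, user_path))


def is_within(base_dir: str, canonical_path: str) -> bool:
    """Validate the canonical value: base_dir itself or strictly below it."""
    base = posixpath.normpath(base_dir)
    return canonical_path == base or canonical_path.startswith(base + "/")


def vulnerable_resolve(base_dir: str, user_path: str) -> str:
    """Filter-then-use: trusts the stripped name without re-checking it."""
    return canonicalize(base_dir, strip_dotdot_once(user_path))


def hardened_resolve(base_dir: str, user_path: str) -> Optional[str]:
    """Canonicalize, then validate; reject rather than sanitize."""
    canonical = canonicalize(base_dir, user_path)
    return canonical if is_within(base_dir, canonical) else None


# Constructed inputs: a benign name, a collapsing name, a real traversal.
BASE = "/srv/app/public"
SAMPLES = ["docs/readme.txt", "..././secret.txt", "../secret.txt"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", vulnerable_resolve(BASE, sample),
              "| hardened:", hardened_resolve(BASE, sample))
```

Note that the hardened version accepts "..././secret.txt" as a path inside the base directory, which is correct: the raw input never left the base, the filter did.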