CWE-494—Download of Code Without Integrity Check
PUBLISHEDweakness recordMedium
released 2006-07-19 · last modified 2025-12-11
Metadata
名称
Download of Code Without Integrity Check
描述
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.