CWE-494Download of Code Without Integrity Check

PUBLISHEDweakness recordMedium
released 2006-07-19 · last modified 2025-12-11

Metadata

CWE ID:
CWE-494
摘要:
Base
结构:
Simple
状态:
Draft
发布日期:
2006-07-19
更新日期:
2025-12-11

名称

Download of Code Without Integrity Check

描述

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.

常见后果

范围:
Integrity, Availability, Confidentiality, Other
影响:
Execute Unauthorized Code or Commands, Alter Execution Logic, Other
注释:
Executing untrusted code could compromise the control flow of the program. The untrusted code could execute attacker-controlled commands, read or modify sensitive resources, or prevent the software from functioning correctly for legitimate users.

相关 CWE