CWE-625 - Permissive Regular Expression
- Abstraction:Base
- Structure:Simple
- Status:Draft
- Release Date:2007-05-07
- Latest Modification Date:2023-06-29
Weakness Name
Permissive Regular Expression
Description
The product uses a regular expression that does not sufficiently restrict the set of allowed values.
This effectively causes the regexp to accept substrings that match the pattern, which produces a partial comparison to the target. In some cases, this can lead to other weaknesses. Common errors include:
Common Consequences
Scope: Access Control
Impact: Bypass Protection Mechanism
Related Weaknesses
CWE-183Permissive List of Allowed Inputs
CWE-184Incomplete List of Disallowed Inputs