CWE-625β€”Permissive Regular Expression

PUBLISHEDweakness record
released 2007-05-07 Β· last modified 2023-06-29

Metadata

CWE ID:
CWE-625
Abstraction:
Base
Structure:
Simple
Status:
Draft
Release Date:
2007-05-07
Latest Modification Date:
2023-06-29

Weakness Name

Permissive Regular Expression

Description

The product uses a regular expression that does not sufficiently restrict the set of allowed values.

This effectively causes the regexp to accept substrings that match the pattern, which produces a partial comparison to the target. In some cases, this can lead to other weaknesses. Common errors include:

Common Consequences

Scope:
Access Control
Impact:
Bypass Protection Mechanism

Related Weaknesses