CWE-829β€”Inclusion of Functionality from Untrusted Control Sphere

PUBLISHEDweakness record
released 2010-12-13 Β· last modified 2026-01-21
CWE-829 - Inclusion of Functionality from Untrusted Control Sphere - Diagram

Metadata

CWE ID:
CWE-829
Abstraction:
Base
Structure:
Simple
Status:
Incomplete
Release Date:
2010-12-13
Latest Modification Date:
2026-01-21

Weakness Name

Inclusion of Functionality from Untrusted Control Sphere

Description

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

Common Consequences

Scope:
Confidentiality, Integrity, Availability
Impact:
Execute Unauthorized Code or Commands
Notes:
An attacker could insert malicious functionality into the program by causing the program to download code that the attacker has placed into the untrusted control sphere, such as a malicious web site. This could enable the injection of malware, information exposure by granting excessive privileges or permissions to the untrusted functionality, DOM-based XSS vulnerabilities, stealing user's cookies, open redirect to malware (CWE-601), etc.

Related Weaknesses

Related Alerts