CWE-829Inclusion of Functionality from Untrusted Control Sphere

PUBLISHEDweakness record
released 2010-12-13 · last modified 2026-01-21
CWE-829 - Inclusion of Functionality from Untrusted Control Sphere - Diagram

Metadata

CWE ID:
CWE-829
摘要:
Base
结构:
Simple
状态:
Incomplete
发布日期:
2010-12-13
更新日期:
2026-01-21

名称

Inclusion of Functionality from Untrusted Control Sphere

描述

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

常见后果

范围:
Confidentiality, Integrity, Availability
影响:
Execute Unauthorized Code or Commands
注释:
An attacker could insert malicious functionality into the program by causing the program to download code that the attacker has placed into the untrusted control sphere, such as a malicious web site. This could enable the injection of malware, information exposure by granting excessive privileges or permissions to the untrusted functionality, DOM-based XSS vulnerabilities, stealing user's cookies, open redirect to malware (CWE-601), etc.

相关 CWE

相关警报