CWE-1287: Improper Validation of Specified Type of Input
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
Common Consequences
Scope: Other
Technical Impact: Varies by Context
Potential Mitigations
Phase: Implementation
Strategy: Input Validation
Effectiveness: High
Observed Examples
Reference: CVE-2024-37032
Large language model (LLM) management tool does not validate the format of a digest value (CWE-1287) from a private, untrusted model registry, enabling relative path traversal (CWE-23), a.k.a. Probllama
Reference: CVE-2008-2223
SQL injection through an ID that was supposed to be numeric.
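The two observed examples share one fix: check that the value is of the expected type before it reaches a path join or a query. The sketch below is an added example, not code from the CWE entry or from either affected product; the `sha256:<64 hex>` digest format, the decimal ID format, the storage root and all function names are assumptions.

```python
import re
from pathlib import PurePosixPath

# Assumed formats (not stated on the page): sha256 digest and a decimal row ID.
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")
ID_RE = re.compile(r"[0-9]{1,18}")          # ASCII digits only; \d also matches Unicode digits
BLOB_ROOT = PurePosixPath("/srv/models/blobs")  # hypothetical storage root


def parse_digest(value):
    """Return value if it is exactly 'sha256:' + 64 lowercase hex chars, else raise."""
    # fullmatch() anchors both ends; match() with '$' would accept a trailing newline.
    if not isinstance(value, str) or DIGEST_RE.fullmatch(value) is None:
        raise ValueError("malformed digest")
    return value


def blob_path(digest):
    """Build the on-disk blob path only from a digest that passed type validation."""
    path = BLOB_ROOT / parse_digest(digest).replace(":", "-")
    if path.parent != BLOB_ROOT:             # defence in depth: must stay a direct child
        raise ValueError("path escapes blob root")
    return path


def parse_numeric_id(value):
    """Convert an untrusted ID to int, rejecting anything that is not plain decimal."""
    if not isinstance(value, str) or ID_RE.fullmatch(value) is None:
        raise ValueError("ID is not numeric")
    return int(value)                        # still pass it to SQL as a bound parameter


def accepted(parser, value):
    """True if parser accepts value, False if it rejects it with ValueError."""
    try:
        parser(value)
        return True
    except ValueError:
        return False


# Constructed sample inputs, not taken from either CVE.
GOOD_DIGEST = "sha256:" + "ab" * 32
SAMPLES = [GOOD_DIGEST, "../../../etc/x", GOOD_DIGEST + "\n", "sha256:" + "AB" * 32]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), accepted(parse_digest, s))
```
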
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |