CWE-450: Multiple Interpretations of UI Input

Base Draft Simple

CWE版本: 4.18

更新日期: 2025-09-09

弱点描述

The UI has multiple interpretations of user input but does not prompt the user when it selects the less secure interpretation.

常见后果

影响范围: Other

技术影响: Varies by Context

潜在缓解措施

阶段: Implementation

策略: Input Validation

阶段: Implementation

策略: Input Validation

描述: Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

引入模式

阶段 说明
Implementation -

适用平台

编程语言
Not Language-Specific (Undetermined)

分类映射

分类名称 条目ID 条目名称 映射适配度
PLOVER - Multiple Interpretations of UI Input -
关键信息

CWE ID: CWE-450

抽象级别: Base

结构: Simple

状态: Draft

相关弱点
ChildOf CWE-357

Insufficient UI Warning of Dangerous Operations

Base
返回列表