CWE-619: Dangling Database Cursor ('Cursor Injection')

Base Incomplete Simple

CWE Version: 4.18

Last Updated: 2025-09-09

Weakness Description

If a database cursor is not closed properly, then it could become accessible to other users while retaining the same privileges that were originally assigned, leaving the cursor "dangling."

Extended Description

For example, an improper dangling cursor could arise from unhandled exceptions. The impact of the issue depends on the cursor's role, but SQL injection attacks are commonly possible.

Common Consequences

Scope: Confidentiality, Integrity

Technical Impact: Read Application Data, Modify Application Data

Potential Mitigations

Phase: Implementation

Description: Close cursors immediately after access to them is complete. Ensure that you close cursors if exceptions occur.
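
The mitigation above, shown as a before/after pair. This is an added example, not part of the CWE entry: it assumes Oracle PL/SQL with the DBMS_SQL package as the platform (the entry itself names only SQL and Database Server), and the ORDERS table and both procedure names are hypothetical.

```sql
-- Constructed example. Assumes Oracle PL/SQL and DBMS_SQL; the ORDERS table
-- and both procedure names are hypothetical.

-- BEFORE: an exception between OPEN_CURSOR and CLOSE_CURSOR skips the close,
-- leaving the parsed cursor open in the session (the dangling cursor).
CREATE OR REPLACE PROCEDURE order_total_unsafe (
  p_customer_id IN  VARCHAR2,
  p_total       OUT NUMBER
) AS
  c  INTEGER;
  rc INTEGER;
BEGIN
  c := DBMS_SQL.OPEN_CURSOR;
  DBMS_SQL.PARSE(c, 'SELECT SUM(amount) FROM orders WHERE customer_id = :cid',
                 DBMS_SQL.NATIVE);
  -- TO_NUMBER raises on non-numeric input; nothing below this line then runs.
  DBMS_SQL.BIND_VARIABLE(c, ':cid', TO_NUMBER(p_customer_id));
  DBMS_SQL.DEFINE_COLUMN(c, 1, p_total);
  rc := DBMS_SQL.EXECUTE_AND_FETCH(c);
  DBMS_SQL.COLUMN_VALUE(c, 1, p_total);
  DBMS_SQL.CLOSE_CURSOR(c);
END order_total_unsafe;
/

-- AFTER: same logic, but every exit path closes the cursor before returning.
CREATE OR REPLACE PROCEDURE order_total_safe (
  p_customer_id IN  VARCHAR2,
  p_total       OUT NUMBER
) AS
  c  INTEGER;
  rc INTEGER;
BEGIN
  c := DBMS_SQL.OPEN_CURSOR;
  DBMS_SQL.PARSE(c, 'SELECT SUM(amount) FROM orders WHERE customer_id = :cid',
                 DBMS_SQL.NATIVE);
  DBMS_SQL.BIND_VARIABLE(c, ':cid', TO_NUMBER(p_customer_id));
  DBMS_SQL.DEFINE_COLUMN(c, 1, p_total);
  rc := DBMS_SQL.EXECUTE_AND_FETCH(c);
  DBMS_SQL.COLUMN_VALUE(c, 1, p_total);
  DBMS_SQL.CLOSE_CURSOR(c);          -- normal path; also sets c to NULL
EXCEPTION
  WHEN OTHERS THEN
    -- c is NULL if OPEN_CURSOR failed or the cursor was already closed.
    IF c IS NOT NULL AND DBMS_SQL.IS_OPEN(c) THEN
      DBMS_SQL.CLOSE_CURSOR(c);
    END IF;
    RAISE;                           -- re-raise so the caller still sees the error
END order_total_safe;
/
```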

Modes of Introduction

Phase: Implementation

Note: This issue is currently reported for unhandled exceptions, but it is theoretically possible any time the programmer does not close the cursor at the proper time.

Applicable Platforms

Languages: SQL (Undetermined)

Technologies: Database Server (Undetermined)

Taxonomy Mappings

Taxonomy Name: Software Fault Patterns

Node ID: SFP24

Entry Name: Tainted input to command

Mapping Fit: -

Key Information

CWE ID: CWE-619

Abstraction: Base

Structure: Simple

Status: Incomplete

Related Weaknesses