CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes

Abstraction: Base | Status: Incomplete | Structure: Simple

CWE Version: 4.18

Last Updated: 2025-09-09

Description

The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.

Common Consequences

Scope: Integrity

Technical Impact: Modify Application Data

Note: An attacker could modify sensitive data or program variables.

Scope: Integrity

Technical Impact: Execute Unauthorized Code or Commands

Scope: Other; Integrity

Technical Impact: Varies by Context; Alter Execution Logic

Potential Mitigations

Phase: Implementation

Phase: Architecture and Design; Implementation

Description: If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified. Verify the MAC before the data is parsed or deserialized, and keep the key out of reach of the client; a MAC only proves that whoever produced the data held the key, so it does not make an inherently unsafe format (such as a native object-serialization format) safe to accept from untrusted parties.
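The sealing approach described above, as an added example that is not part of the CWE entry: the object is serialized to canonical JSON, an HMAC-SHA256 tag over those exact bytes is appended, and on the way back in the tag is checked (in constant time) before anything is parsed. The key, the session-state shape and the helper names are assumptions for illustration.

```python
import hashlib
import hmac
import json
import os
from typing import Optional

# Hypothetical key for the example; in practice load it from a secret store
# and never ship it to the client that holds the sealed blob.
SECRET_KEY = os.urandom(32)


def seal(obj, key: Optional[bytes] = None) -> bytes:
    """Serialize obj as canonical JSON and append an HMAC-SHA256 tag.

    The tag covers the exact bytes that will later be deserialized, so any
    change to the payload (including a reordered or added field) breaks it.
    """
    key = SECRET_KEY if key is None else key
    payload = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload + b"." + tag.encode()


def unseal(blob: bytes, key: Optional[bytes] = None):
    """Verify the tag *before* parsing; return the object, or None if tampered."""
    key = SECRET_KEY if key is None else key
    payload, sep, tag = blob.rpartition(b".")
    if not sep:
        return None  # no tag present at all
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    # compare_digest avoids leaking the tag through timing differences.
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(payload)


def demo():
    """Constructed session state: a forged is_admin field must be rejected."""
    state = {"user_id": 42, "is_admin": False}
    blob = seal(state)
    accepted = unseal(blob)
    # A client that can edit its cookie but lacks the key flips the flag...
    forged = unseal(blob.replace(b'"is_admin":false', b'"is_admin":true'))
    # ...and a client that strips the tag entirely is rejected as well.
    stripped = unseal(blob.rpartition(b".")[0])
    return accepted, forged, stripped
```

The point of verifying before parsing is that the parser never sees attacker-controlled bytes; with a native serialization format the parse step itself can be the code-execution primitive, so JSON is used here deliberately.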

Phase: Implementation

Strategy: Input Validation

Description: For any externally-influenced input, check the input against an allowlist of internal object attributes or fields that are allowed to be modified.

Phase: Implementation; Architecture and Design

Strategy: Refactoring

Description: Refactor the code so that object attributes or fields do not need to be dynamically identified, and only expose getter/setter functionality for the intended attributes.
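The weakness in the Description, the allowlist mitigation and the refactoring mitigation side by side, as an added example that is not part of the CWE entry. The User model, the request body and the function names are constructed for illustration; the request is only supposed to change the e-mail address but also carries is_admin and balance.

```python
import json
from dataclasses import dataclass, fields
from typing import Optional


@dataclass
class User:
    username: str
    email: str
    is_admin: bool = False
    balance: int = 0


# Constructed request body: two fields the client must never be able to set.
REQUEST_BODY = json.dumps(
    {"email": "alice@example.org", "is_admin": True, "balance": 9999}
)


def update_vulnerable(user: User, body: str) -> User:
    """CWE-915: every key in the request becomes an attribute write."""
    for key, value in json.loads(body).items():
        setattr(user, key, value)
    return user


# Mitigation (Input Validation): the set of attributes a client may modify.
UPDATABLE = frozenset({"username", "email"})


def update_allowlisted(user: User, body: str):
    """Only allowlisted attributes are written; the rest are reported.

    Rejected keys are returned rather than silently dropped so that probing
    for hidden fields shows up in logs.
    """
    data = json.loads(body)
    rejected = sorted(set(data) - UPDATABLE)
    for key in UPDATABLE & set(data):
        setattr(user, key, data[key])
    return user, rejected


@dataclass
class ProfileUpdate:
    """Mitigation (Refactoring): a request type that carries only the
    intended fields, so nothing is identified dynamically at update time."""

    email: Optional[str] = None
    username: Optional[str] = None

    @classmethod
    def from_json(cls, body: str) -> "ProfileUpdate":
        data = json.loads(body)
        # Pick fields by their declared names; anything else in the body
        # has no place to land on the model.
        known = {f.name for f in fields(cls)}
        return cls(**{k: data[k] for k in known if k in data})

    def apply(self, user: User) -> User:
        # Explicit setter per intended attribute, no setattr on request keys.
        if self.email is not None:
            user.email = self.email
        if self.username is not None:
            user.username = self.username
        return user
```

The allowlisted and refactored versions both leave is_admin and balance untouched; the refactored one is preferable where a framework offers typed binding, because the allowlist then lives in the type rather than in a constant that someone has to remember to update.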

Detection Methods

Method: Automated Static Analysis

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)

Effectiveness: High
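A minimal illustration of the sink-matching half of what the method above describes, as an added example that is not part of the CWE entry or of any SAST product: a Python AST walk flags the calls through which input can decide which attributes or classes get written (setattr with a non-constant attribute name, pickle.load/loads, yaml.load without a safe loader). The sample module under analysis is constructed for the example; a real engine would additionally trace whether each flagged argument flows from a source such as a request parameter.

```python
import ast

# Constructed sample module to analyze (not real project code).
SAMPLE_SOURCE = '''
import pickle
import yaml

def update_profile(user, params):
    for key, value in params.items():
        setattr(user, key, value)      # attribute name chosen by the request

def load_session(cookie):
    return pickle.loads(cookie)        # arbitrary objects from untrusted bytes

def load_config(text):
    safe = yaml.load(text, Loader=yaml.SafeLoader)
    return yaml.load(text)             # no Loader: unsafe default on old PyYAML

def rename(user, name):
    setattr(user, "name", name)        # constant attribute name: not flagged
'''

SAFE_YAML_LOADERS = ("SafeLoader", "CSafeLoader", "BaseLoader")


def _callee_name(node: ast.Call):
    """Return 'mod.func' or 'func' for a call, or None for anything fancier."""
    f = node.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return None


def _keyword(node: ast.Call, name: str):
    return next((k.value for k in node.keywords if k.arg == name), None)


def find_sinks(source: str):
    """Return (line, message) pairs for calls that let input pick what is written.

    Sink matching only: no source tracking, so expect false positives on
    setattr calls whose key comes from a trusted table.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _callee_name(node)
        if name == "setattr":
            if len(node.args) >= 2 and not isinstance(node.args[1], ast.Constant):
                findings.append((node.lineno, "setattr with non-constant attribute name (CWE-915)"))
        elif name in ("pickle.loads", "pickle.load"):
            findings.append((node.lineno, f"{name} on possibly untrusted data"))
        elif name == "yaml.load":
            loader = node.args[1] if len(node.args) >= 2 else _keyword(node, "Loader")
            safe = isinstance(loader, ast.Attribute) and loader.attr in SAFE_YAML_LOADERS
            if not safe:
                findings.append((node.lineno, "yaml.load without a safe Loader"))
    return sorted(findings)
```

Running find_sinks(SAMPLE_SOURCE) reports lines 7, 10 and 14 and stays quiet on the constant-name setattr and the SafeLoader call; the "High" effectiveness the entry claims comes from adding the source-to-sink data-flow model this toy omits.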

Observed Examples

Reference: CVE-2024-3283

Application for using LLMs allows modification of a sensitive variable using mass assignment.

Reference: CVE-2012-2054

Mass assignment allows modification of arbitrary attributes using modified URL.

Reference: CVE-2012-2055

Source version control product allows modification of trusted key using mass assignment.

Reference: CVE-2008-7310

Attackers can bypass payment step in e-commerce product.

Reference: CVE-2013-1465

Use of PHP unserialize function on untrusted input allows attacker to modify application configuration.

Reference: CVE-2012-3527

Use of PHP unserialize function on untrusted input in content management system might allow code execution.

Reference: CVE-2012-0911

Content management system written in PHP uses unserialize on a crafted cookie value, allowing unserialization of arbitrary objects and code execution.

Reference: CVE-2011-4962

Content management system written in PHP allows code execution through page comments.

Reference: CVE-2009-4137

Use of PHP unserialize function on cookie value allows remote code execution or upload of arbitrary files.

Reference: CVE-2007-5741

Content management system written in Python interprets untrusted data as pickles, allowing code execution.

Reference: CVE-2011-2520

Python script allows local users to execute code via pickled data.

Reference: CVE-2005-2875

Python script allows remote attackers to execute arbitrary code using pickled objects.

Reference: CVE-2013-0277

Ruby on Rails allows deserialization of untrusted YAML to execute arbitrary code.

Reference: CVE-2011-2894

Spring framework allows deserialization of objects from untrusted sources to execute arbitrary code.

Reference: CVE-2012-1833

Grails allows binding of arbitrary parameters to modify arbitrary object properties.

Reference: CVE-2010-3258

Incorrect deserialization in web browser allows escaping the sandbox.

Reference: CVE-2008-1013

Media library allows deserialization of objects by untrusted Java applets, leading to arbitrary code execution.
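Several of the examples above are the same shape: a native serialization format (PHP unserialize, Python pickle, YAML) lets the input name which classes get instantiated and which callables run, which is the deserialization face of this weakness. As an added example that is not part of the CWE entry or of any of the products above, the block below shows, in Python, how a pickle carries an attacker-chosen callable and how an Unpickler with an allowlisted find_class refuses it before anything executes. The callable is str.upper so the demonstration is harmless; the allowlist contents and the class names are assumptions for the example.

```python
import builtins
import io
import pickle

# Globals an untrusted pickle may resolve. Everything else (builtins.getattr,
# os.system, subprocess.Popen, ...) is refused before any object is built.
SAFE_BUILTINS = frozenset({"range", "slice", "set", "frozenset", "complex"})


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that allowlists which classes/functions a pickle may name."""

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


class Payload:
    """Object whose pickle makes the loader call a callable of our choosing.

    str.upper keeps this harmless; the same shape with a process-spawning
    function is what turns deserialization into code execution.
    """

    def __reduce__(self):
        return (str.upper, ("attacker-chosen callable ran",))


def demo():
    """Constructed inputs: one benign dict, one pickle built from Payload."""
    benign = pickle.dumps({"user": "alice", "roles": ["viewer"]})
    hostile = pickle.dumps(Payload())
    # Plain pickle.loads resolves the embedded callable and invokes it.
    executed = pickle.loads(hostile)
    # The restricted loader rejects the first forbidden global it meets.
    try:
        restricted_loads(hostile)
        rejected = None
    except pickle.UnpicklingError as exc:
        rejected = str(exc)
    return restricted_loads(benign), executed, rejected
```

Note what the allowlist does and does not buy: it stops the pickle from naming arbitrary importables, but plain data structures still arrive with whatever fields the sender put in them, so the attribute-level allowlisting from the mitigations still applies to what comes out.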

Modes of Introduction

Phase: Architecture and Design

Phase: Implementation

Applicable Platforms

Languages: Ruby (Undetermined), ASP.NET (Undetermined), PHP (Undetermined), Python (Undetermined), Not Language-Specific (Undetermined)

Key Information

CWE ID: CWE-915

Abstraction: Base

Structure: Simple

Status: Incomplete

Related Weaknesses