Cwe 20

🧬 CWE Related 125
slug: cwe-20

Explanation

CWE-20は「ユーザーから受け取ったデータが、想定された形式・範囲・型かをきちんとチェックせずに使ってしまう欠陥」のことです。 非常に広い概念で、SQLi・XSS・コマンドインジェクションなど多くの攻撃の前段階となります。 「入力は信用するな (Trust Boundaries の概念)」がセキュリティ設計の基本原則です。
📌 Example
多くのCISA KEV登録CVEがこのCWEに分類されており、2024年だけで100件以上の悪用事例があります。

🔖 Related tags

🛡 Vulnerabilities tagged with this 1,695

ID Title
CVE-2017-2100 Vulnerability in ipa (CVE-2017-2100)
CVE-2017-8288 Vulnerability in gnome (CVE-2017-8288)
CVE-2017-3162 Vulnerability in apache (CVE-2017-3162)
CVE-2017-8219 Vulnerability in tp-link (CVE-2017-8219)
CVE-2017-5041 Vulnerability in google (CVE-2017-5041)
CVE-2017-2313 Vulnerability in dos (CVE-2017-2313)
CVE-2017-2340 Vulnerability in juniper (CVE-2017-2340)
CVE-2016-2173 Vulnerability in fedoraproject (CVE-2016-2173)
CVE-2016-3109 Vulnerability in shopware (CVE-2016-3109)
CVE-2016-4841 Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers.
CVE-2017-7220 Vulnerability in opentext (CVE-2017-7220)
CVE-2017-6610 Vulnerability in cisco (CVE-2017-6610)
CVE-2017-6613 Vulnerability in dos (CVE-2017-6613)
CVE-2017-6616 Vulnerability in cisco (CVE-2017-6616)
CVE-2017-6619 Vulnerability in cisco (CVE-2017-6619)
CVE-2016-7536 Vulnerability in c (CVE-2016-7536)
CVE-2016-4862 Vulnerability in cs-cart (CVE-2016-4862)
CVE-2017-7692 Vulnerability in c (CVE-2017-7692)
CVE-2017-7283 Vulnerability in unitrends (CVE-2017-7283)
CVE-2017-7979 Vulnerability in c (CVE-2017-7979)
CVE-2014-9907 Vulnerability in c (CVE-2014-9907)
CVE-2017-7645 Vulnerability in c (CVE-2017-7645)
CVE-2017-1161 Vulnerability in ibm (CVE-2017-1161)
CVE-2017-7892 Vulnerability in capnproto (CVE-2017-7892)
CVE-2017-5659 Vulnerability in apache (CVE-2017-5659)
CVE-2016-4868 Vulnerability in cybozu (CVE-2016-4868)
CVE-2017-6554 Vulnerability in quest (CVE-2017-6554)
CVE-2015-6567 Vulnerability in wolfcms (CVE-2015-6567)
CVE-2015-6568 Vulnerability in wolfcms (CVE-2015-6568)
CVE-2017-7217 Vulnerability in paloaltonetworks (CVE-2017-7217)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →