Cwe 20

🧬 CWE Related 125
slug: cwe-20

Explanation

CWE-20は「ユーザーから受け取ったデータが、想定された形式・範囲・型かをきちんとチェックせずに使ってしまう欠陥」のことです。 非常に広い概念で、SQLi・XSS・コマンドインジェクションなど多くの攻撃の前段階となります。 「入力は信用するな (Trust Boundaries の概念)」がセキュリティ設計の基本原則です。
📌 Example
多くのCISA KEV登録CVEがこのCWEに分類されており、2024年だけで100件以上の悪用事例があります。

🔖 Related tags

🛡 Vulnerabilities tagged with this 1,695

ID Title
CVE-2017-7218 Vulnerability in paloaltonetworks (CVE-2017-7218)
CVE-2017-7408 Vulnerability in dos (CVE-2017-7408)
CVE-2017-7456 Vulnerability in dos (CVE-2017-7456)
CVE-2012-1301 Vulnerability in umbraco (CVE-2012-1301)
CVE-2015-4646 Vulnerability in c (CVE-2015-4646)
CVE-2016-4898 Vulnerability in novastor (CVE-2016-4898)
CVE-2016-4899 Vulnerability in novastor (CVE-2016-4899)
CVE-2016-2567 Vulnerability in samsung (CVE-2016-2567)
CVE-2010-1821 Vulnerability in apple (CVE-2010-1821)
CVE-2015-7740 Vulnerability in dos (CVE-2015-7740)
CVE-2017-7747 Vulnerability in c (CVE-2017-7747)
CVE-2017-7280 Vulnerability in unitrends (CVE-2017-7280)
CVE-2017-6059 Vulnerability in c (CVE-2017-6059)
CVE-2017-0197 Vulnerability in microsoft (CVE-2017-0197)
CVE-2017-2989 Vulnerability in adobe (CVE-2017-2989)
CVE-2017-0162 Vulnerability in microsoft (CVE-2017-0162)
CVE-2017-0163 Vulnerability in microsoft (CVE-2017-0163)
CVE-2017-0164 Vulnerability in dos (CVE-2017-0164)
CVE-2017-0169 Vulnerability in microsoft (CVE-2017-0169)
CVE-2017-0178 Vulnerability in dos (CVE-2017-0178)
CVE-2017-0179 Vulnerability in dos (CVE-2017-0179)
CVE-2017-0180 Vulnerability in microsoft (CVE-2017-0180)
CVE-2017-0181 Vulnerability in microsoft (CVE-2017-0181)
CVE-2017-0182 Vulnerability in dos (CVE-2017-0182)
CVE-2017-0183 Vulnerability in dos (CVE-2017-0183)
CVE-2017-0184 Vulnerability in dos (CVE-2017-0184)
CVE-2017-0185 Vulnerability in dos (CVE-2017-0185)
CVE-2017-0186 Vulnerability in dos (CVE-2017-0186)
CVE-2016-7957 Vulnerability in c (CVE-2016-7957)
CVE-2016-7958 Vulnerability in wireshark (CVE-2016-7958)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →