Cwe 20

🧬 CWE Related 125
slug: cwe-20

Explanation

CWE-20は「ユーザーから受け取ったデータが、想定された形式・範囲・型かをきちんとチェックせずに使ってしまう欠陥」のことです。 非常に広い概念で、SQLi・XSS・コマンドインジェクションなど多くの攻撃の前段階となります。 「入力は信用するな (Trust Boundaries の概念)」がセキュリティ設計の基本原則です。
📌 Example
多くのCISA KEV登録CVEがこのCWEに分類されており、2024年だけで100件以上の悪用事例があります。

🔖 Related tags

🛡 Vulnerabilities tagged with this 1,695

ID Title
CVE-2016-7665 Vulnerability in dos (CVE-2016-7665)
CVE-2016-7667 Vulnerability in dos (CVE-2016-7667)
CVE-2016-7742 Vulnerability in apple (CVE-2016-7742)
CVE-2017-2351 Vulnerability in apple (CVE-2017-2351)
CVE-2016-7636 Vulnerability in dos (CVE-2016-7636)
CVE-2016-4690 Vulnerability in apple (CVE-2016-4690)
CVE-2016-7580 Vulnerability in dos (CVE-2016-7580)
CVE-2016-7581 Vulnerability in dos (CVE-2016-7581)
CVE-2016-4661 Vulnerability in dos (CVE-2016-4661)
CVE-2016-4669 Vulnerability in dos (CVE-2016-4669)
CVE-2016-9955 Vulnerability in dos (CVE-2016-9955)
CVE-2016-8652 Vulnerability in dos (CVE-2016-8652)
CVE-2017-0312 Vulnerability in dos (CVE-2017-0312)
CVE-2017-0318 Vulnerability in dos (CVE-2017-0318)
CVE-2016-8944 Vulnerability in ibm (CVE-2016-8944)
CVE-2016-5782 Vulnerability in locusenergy (CVE-2016-5782)
CVE-2016-8344 Vulnerability in c (CVE-2016-8344)
CVE-2016-4546 Vulnerability in dos (CVE-2016-4546)
CVE-2016-4547 Vulnerability in dos (CVE-2016-4547)
CVE-2016-6129 Vulnerability in c (CVE-2016-6129)
CVE-2017-3896 Vulnerability in mcafee (CVE-2017-3896)
CVE-2017-5589 Vulnerability in yaxim (CVE-2017-5589)
CVE-2017-5590 Vulnerability in chatsecure (CVE-2017-5590)
CVE-2017-5591 Vulnerability in sleekxmpp (CVE-2017-5591)
CVE-2017-5592 Vulnerability in profanity-project (CVE-2017-5592)
CVE-2017-5593 Vulnerability in psi-plus (CVE-2017-5593)
CVE-2017-5602 Vulnerability in jappix-project (CVE-2017-5602)
CVE-2017-5603 Vulnerability in jitsi (CVE-2017-5603)
CVE-2017-5604 Vulnerability in mcabber (CVE-2017-5604)
CVE-2017-5605 Vulnerability in movim (CVE-2017-5605)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →