Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE CATEGORY:Data Neutralization Issues
Category ID:137
Vulnerability Mapping:Prohibited
Status:Draft
DetailsContent HistoryObserved CVE ExamplesReports
▼Summary

Weaknesses in this category are related to the creation or neutralization of data using an incorrect format.

▼Membership
NatureMappingTypeIDName
MemberOfProhibitedV699Software Development
HasMemberAllowedB89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
HasMemberAllowedB117Improper Output Neutralization for Logs
HasMemberAllowedB1236Improper Neutralization of Formula Elements in a CSV File
HasMemberAllowedB140Improper Neutralization of Delimiters
HasMemberAllowedB170Improper Null Termination
HasMemberAllowedB463Deletion of Data Structure Sentinel
HasMemberAllowedB464Addition of Data Structure Sentinel
HasMemberAllowedB641Improper Restriction of Names for Files and Other Resources
HasMemberAllowedB694Use of Multiple Resources with Duplicate Identifier
HasMemberAllowedB76Improper Neutralization of Equivalent Special Elements
HasMemberAllowedB78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
HasMemberAllowedB79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
HasMemberAllowedB791Incomplete Filtering of Special Elements
HasMemberAllowedB838Inappropriate Encoding for Output Context
HasMemberAllowedB88Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
HasMemberAllowedB90Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
HasMemberAllowedB91XML Injection (aka Blind XPath Injection)
HasMemberAllowedB917Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
HasMemberAllowedB93Improper Neutralization of CRLF Sequences ('CRLF Injection')
HasMemberAllowed-with-ReviewB94Improper Control of Generation of Code ('Code Injection')
Nature: MemberOf
Mapping: Prohibited
Type: View
ID: 699
Name: Software Development
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 89
Name: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 117
Name: Improper Output Neutralization for Logs
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1236
Name: Improper Neutralization of Formula Elements in a CSV File
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 140
Name: Improper Neutralization of Delimiters
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 170
Name: Improper Null Termination
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 463
Name: Deletion of Data Structure Sentinel
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 464
Name: Addition of Data Structure Sentinel
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 641
Name: Improper Restriction of Names for Files and Other Resources
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 694
Name: Use of Multiple Resources with Duplicate Identifier
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 76
Name: Improper Neutralization of Equivalent Special Elements
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 78
Name: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 79
Name: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 791
Name: Incomplete Filtering of Special Elements
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 838
Name: Inappropriate Encoding for Output Context
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 88
Name: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 90
Name: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 91
Name: XML Injection (aka Blind XPath Injection)
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 917
Name: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 93
Name: Improper Neutralization of CRLF Sequences ('CRLF Injection')
Nature: HasMember
Mapping: Allowed-with-Review
Type: Base
ID: 94
Name: Improper Control of Generation of Code ('Code Injection')
▼Vulnerability Mapping Notes
Usage:Prohibited
Reason:
Rationale:

This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.

Comments:

See member weaknesses of this category.

▼Notes
▼Taxonomy Mappings
Taxonomy NameEntry IDFitEntry Name
▼References
Details not found