{"@ID": "88", "@Name": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", "@Abstraction": "Base", "@Structure": "Simple", "@Status": "Draft", "Description": "The product constructs a string for a command to be executed by a separate component\nin another control sphere, but it does not properly delimit the\nintended arguments, options, or switches within that command string.", "Extended_Description": {"xhtml:p": "When creating commands using interpolation into a string, developers may assume that only the arguments/options that they specify will be processed.  This assumption may be even stronger when the programmer has encoded the command in a way that prevents separate commands from being provided maliciously, e.g. in the case of shell metacharacters.  When constructing the command, the developer may use whitespace or other delimiters that are required to separate arguments when the command. However, if an attacker can provide an untrusted input that contains argument-separating delimiters, then the resulting command will have more arguments than intended by the developer.  The attacker may then be able to change the behavior of the command.  Depending on the functionality supported by the extraneous arguments, this may have security-relevant consequences."}, "Related_Weaknesses": {"Related_Weakness": [{"@Nature": "ChildOf", "@CWE_ID": "77", "@View_ID": "1000", "@Ordinal": "Primary"}, {"@Nature": "ChildOf", "@CWE_ID": "74", "@View_ID": "1003", "@Ordinal": "Primary"}, {"@Nature": "ChildOf", "@CWE_ID": "77", "@View_ID": "1305", "@Ordinal": "Primary"}, {"@Nature": "ChildOf", "@CWE_ID": "77", "@View_ID": "1340", "@Ordinal": "Primary"}]}, "Weakness_Ordinalities": {"Weakness_Ordinality": {"Ordinality": "Primary"}}, "Applicable_Platforms": {"Language": [{"@Class": "Not Language-Specific", "@Prevalence": "Undetermined"}, {"@Name": "PHP", "@Prevalence": "Often"}], "Technology": {"@Class": "Not Technology-Specific", "@Prevalence": "Undetermined"}}, "Modes_Of_Introduction": {"Introduction": {"Phase": "Implementation", "Note": "REALIZATION: This weakness is caused during implementation of an architectural security tactic."}}, "Common_Consequences": {"Consequence": {"Scope": ["Confidentiality", "Integrity", "Availability", "Other"], "Impact": ["Execute Unauthorized Code or Commands", "Alter Execution Logic", "Read Application Data", "Modify Application Data"], "Note": "An attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or modified or could cause other unintended behavior."}}, "Detection_Methods": {"Detection_Method": {"@Detection_Method_ID": "DM-14", "Method": "Automated Static Analysis", "Description": "Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect \"sources\" (origins of input) with \"sinks\" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)", "Effectiveness": "High"}}, "Potential_Mitigations": {"Mitigation": [{"Phase": "Implementation", "Strategy": "Parameterization", "Description": "Where possible, avoid building a single string that contains the command and its arguments.  Some languages or frameworks have functions that support specifying independent arguments, e.g. as an array, which is used to automatically perform the appropriate quoting or escaping while building the command.  For example, in PHP, escapeshellarg() can be used to escape a single argument to system(), or exec() can be called with an array of arguments.  In C, code can often be refactored from using system() - which accepts a single string - to using exec(), which requires separate function arguments for each parameter.", "Effectiveness": "High"}, {"Phase": "Architecture and Design", "Strategy": "Input Validation", "Description": "Understand all the potential areas where untrusted inputs can enter your product: parameters or arguments, cookies, anything read from the network, environment variables, request headers as well as content, URL components, e-mail, files, databases, and any external systems that provide data to the application. Perform input validation at well-defined interfaces."}, {"@Mitigation_ID": "MIT-5", "Phase": "Implementation", "Strategy": "Input Validation", "Description": {"xhtml:p": ["Assume all input is malicious. Use an \"accept known good\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.", "When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \"boat\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \"red\" or \"blue.\"", "Do not rely exclusively on looking for malicious or malformed inputs.  This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}}, {"Phase": "Implementation", "Description": "Directly convert your input type into the expected data type, such as using a conversion function that translates a string into a number. After converting to the expected data type, ensure that the input's values fall within the expected range of allowable values and that multi-field consistencies are maintained."}, {"Phase": "Implementation", "Description": {"xhtml:p": ["Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180, CWE-181). Make sure that your application does not inadvertently decode the same input twice (CWE-174). Such errors could be used to bypass allowlist schemes by introducing dangerous inputs after they have been checked. Use libraries such as the OWASP ESAPI Canonicalization control.", "Consider performing repeated canonicalization until your input does not change any more. This will avoid double-decoding and similar scenarios, but it might inadvertently modify inputs that are allowed to contain properly-encoded dangerous content."]}}, {"Phase": "Implementation", "Description": "When exchanging data between components, ensure that both components are using the same character encoding. Ensure that the proper encoding is applied at each interface. Explicitly set the encoding you are using whenever the protocol allows you to do so."}, {"Phase": "Implementation", "Description": "When your application combines data from multiple sources, perform the validation after the sources have been combined. The individual data elements may pass the validation step but violate the intended restrictions after they have been combined."}, {"Phase": "Testing", "Description": "Use dynamic tools and techniques that interact with the product using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The product's operation may slow down, but it should not become unstable, crash, or generate incorrect results."}]}, "Demonstrative_Examples": {"Demonstrative_Example": [{"@Demonstrative_Example_ID": "DX-150", "Intro_Text": "Consider the following program. It intends to perform an \"ls -l\" on an input filename. The validate_name() subroutine performs validation on the input to make sure that only alphanumeric and \"-\" characters are allowed, which avoids path traversal (CWE-22) and OS command injection (CWE-78) weaknesses. Only filenames like \"abc\" or \"d-e-f\" are intended to be allowed.", "Example_Code": [{"@Nature": "Bad", "@Language": "Perl", "xhtml:div": {"xhtml:br": [null, null, null, null, null, null, null], "xhtml:div": [{"@style": "margin-left:1em;", "xhtml:br": [null, null, null, null, null, null], "xhtml:div": {"@style": "margin-left:1em;", "xhtml:br": [null, null], "#text": "print \"Error: name is not well-formed!\\n\";\n\t\t     return;"}, "xhtml:i": "# build command", "#text": "my($fname) = @_;\n\t\t   if (! validate_name($fname)) {\n\t\t   \n\t\t   }\n\t\t   \n\t\t   my $cmd = \"/bin/ls -l $fname\";\n\t\t   system($cmd);"}, {"@style": "margin-left:1em;", "xhtml:br": [null, null, null, null, null], "xhtml:div": [{"@style": "margin-left:1em;", "xhtml:br": null, "#text": "return(1);"}, {"@style": "margin-left:1em;", "xhtml:br": null, "#text": "return(0);"}], "#text": "my($name) = @_;\n\t\t   if ($name =~ /^[\\w\\-]+$/) {\n\t\t   \n\t\t   }\n\t\t   else {\n\t\t   \n\t\t   }"}], "#text": "my $arg = GetArgument(\"filename\");\n\t\t do_listing($arg);\n\t\t \n\n\t\t sub do_listing {\n\t\t \n\t\t }\n\t\t \n\t\t sub validate_name {\n\t\t \n\t\t }"}}, {"@Nature": "Good", "@Language": "Perl", "xhtml:div": "if ($name =~ /^\\w[\\w\\-]+$/) ..."}], "Body_Text": {"xhtml:p": ["However, validate_name() allows\n             filenames that begin with a \"-\". An adversary could\n             supply a filename like \"-aR\", producing the \"ls -l -aR\"\n             command (CWE-88), thereby getting a full recursive\n             listing of the entire directory and all of its\n             sub-directories.", "There are a couple possible mitigations for this\n\t     weakness. One would be to refactor the code to avoid\n\t     using system() altogether, instead relying on internal\n\t     functions.", "Another option could be to add a \"--\" argument\n\t     to the ls command, such as \"ls -l --\", so that any\n\t     remaining arguments are treated as filenames, causing\n\t     any leading \"-\" to be treated as part of a filename\n\t     instead of another option.", "Another fix might be to change the regular expression used in validate_name to force the first character of the filename to be a letter or number, such as:"]}}, {"Intro_Text": "CVE-2016-10033 / [REF-1249] provides a useful real-world example of this weakness within PHPMailer.", "Body_Text": "The program calls PHP's mail() function to compose and send mail. The fifth argument to mail() is a set of parameters. The program intends to provide a \"-fSENDER\" parameter, where SENDER is expected to be a well-formed email address. The program has already validated the e-mail address before invoking mail(), but there is a lot of flexibility in what constitutes a well-formed email address, including whitespace. With some additional allowed characters to perform some escaping, the adversary can specify an additional \"-o\" argument (listing an output file) and a \"-X\" argument (giving a program to execute). Additional details for this kind of exploit are in [REF-1250]."}]}, "Observed_Examples": {"Observed_Example": [{"Reference": "CVE-2022-36069", "Description": "Python-based dependency management tool avoids OS command injection  when generating Git commands but allows  injection of optional arguments with input beginning with a dash (CWE-88), potentially allowing for code execution.", "Link": "https://www.cve.org/CVERecord?id=CVE-2022-36069"}, {"Reference": "CVE-1999-0113", "Description": "Canonical Example - \"-froot\" argument is passed on to another program, where the \"-f\" causes execution as user \"root\"", "Link": "https://www.cve.org/CVERecord?id=CVE-1999-0113"}, {"Reference": "CVE-2001-0150", "Description": "Web browser executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands.", "Link": "https://www.cve.org/CVERecord?id=CVE-2001-0150"}, {"Reference": "CVE-2001-0667", "Description": "Web browser allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed.", "Link": "https://www.cve.org/CVERecord?id=CVE-2001-0667"}, {"Reference": "CVE-2002-0985", "Description": "Argument injection vulnerability in the mail function for PHP may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) possibly executing commands.", "Link": "https://www.cve.org/CVERecord?id=CVE-2002-0985"}, {"Reference": "CVE-2003-0907", "Description": "Help and Support center in windows does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an \"hcp://\" URL.", "Link": "https://www.cve.org/CVERecord?id=CVE-2003-0907"}, {"Reference": "CVE-2004-0121", "Description": "Mail client does not sufficiently filter parameters of mailto: URLs when using them as arguments to mail executable, which allows remote attackers to execute arbitrary programs.", "Link": "https://www.cve.org/CVERecord?id=CVE-2004-0121"}, {"Reference": "CVE-2004-0473", "Description": "Web browser doesn't filter \"-\" when invoking various commands, allowing command-line switches to be specified.", "Link": "https://www.cve.org/CVERecord?id=CVE-2004-0473"}, {"Reference": "CVE-2004-0480", "Description": "Mail client allows remote attackers to execute arbitrary code via a URI that uses a UNC network share pathname to provide an alternate configuration file.", "Link": "https://www.cve.org/CVERecord?id=CVE-2004-0480"}, {"Reference": "CVE-2004-0489", "Description": "SSH URI handler for web browser allows remote attackers to execute arbitrary code or conduct port forwarding via the a command line option.", "Link": "https://www.cve.org/CVERecord?id=CVE-2004-0489"}, {"Reference": "CVE-2004-0411", "Description": "Web browser doesn't filter \"-\" when invoking various commands, allowing command-line switches to be specified.", "Link": "https://www.cve.org/CVERecord?id=CVE-2004-0411"}, {"Reference": "CVE-2005-4699", "Description": "Argument injection vulnerability in TellMe 1.2 and earlier allows remote attackers to modify command line arguments for the Whois program and obtain sensitive information via \"--\" style options in the q_Host parameter.", "Link": "https://www.cve.org/CVERecord?id=CVE-2005-4699"}, {"Reference": "CVE-2006-1865", "Description": "Beagle before 0.2.5 can produce certain insecure command lines to launch external helper applications while indexing, which allows attackers to execute arbitrary commands. NOTE: it is not immediately clear whether this issue involves argument injection, shell metacharacters, or other issues.", "Link": "https://www.cve.org/CVERecord?id=CVE-2006-1865"}, {"Reference": "CVE-2006-2056", "Description": "Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via \" (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.", "Link": "https://www.cve.org/CVERecord?id=CVE-2006-2056"}, {"Reference": "CVE-2006-2057", "Description": "Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via \" (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.", "Link": "https://www.cve.org/CVERecord?id=CVE-2006-2057"}, {"Reference": "CVE-2006-2058", "Description": "Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via \" (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.", "Link": "https://www.cve.org/CVERecord?id=CVE-2006-2058"}, {"Reference": "CVE-2006-2312", "Description": "Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.", "Link": "https://www.cve.org/CVERecord?id=CVE-2006-2312"}, {"Reference": "CVE-2006-3015", "Description": "Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.", "Link": "https://www.cve.org/CVERecord?id=CVE-2006-3015"}, {"Reference": "CVE-2006-4692", "Description": "Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a \"/\" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka \"Object Packager Dialogue Spoofing Vulnerability.\"", "Link": "https://www.cve.org/CVERecord?id=CVE-2006-4692"}, {"Reference": "CVE-2006-6597", "Description": "Argument injection vulnerability in HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary vbscript and commands via the /r option in a telnet:// URI, which is configured to use hawin32.exe.", "Link": "https://www.cve.org/CVERecord?id=CVE-2006-6597"}, {"Reference": "CVE-2007-0882", "Description": "Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client \"-f\" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.", "Link": "https://www.cve.org/CVERecord?id=CVE-2007-0882"}, {"Reference": "CVE-2001-1246", "Description": "Language interpreter's mail function accepts another argument that is concatenated to a string used in a dangerous popen() call. Since there is no neutralization of this argument, both OS Command Injection (CWE-78) and Argument Injection (CWE-88) are possible.", "Link": "https://www.cve.org/CVERecord?id=CVE-2001-1246"}, {"Reference": "CVE-2019-13475", "Description": "Argument injection allows execution of arbitrary commands by injecting a \"-exec\" option, which is executed by the command.", "Link": "https://www.cve.org/CVERecord?id=CVE-2019-13475"}, {"Reference": "CVE-2016-10033", "Description": "Argument injection in mail-processing function allows writing unxpected files and executing programs using tecnically-valid email addresses that insert \"-o\" and \"-X\" switches.", "Link": "https://www.cve.org/CVERecord?id=CVE-2016-10033"}]}, "Functional_Areas": {"Functional_Area": "Program Invocation"}, "Affected_Resources": {"Affected_Resource": "System Process"}, "Taxonomy_Mappings": {"Taxonomy_Mapping": [{"@Taxonomy_Name": "PLOVER", "Entry_Name": "Argument Injection or Modification"}, {"@Taxonomy_Name": "CERT C Secure Coding", "Entry_ID": "ENV03-C", "Entry_Name": "Sanitize the environment when invoking external programs"}, {"@Taxonomy_Name": "CERT C Secure Coding", "Entry_ID": "ENV33-C", "Entry_Name": "Do not call system()", "Mapping_Fit": "Imprecise"}, {"@Taxonomy_Name": "CERT C Secure Coding", "Entry_ID": "STR02-C", "Entry_Name": "Sanitize data passed to complex subsystems"}, {"@Taxonomy_Name": "WASC", "Entry_ID": "30", "Entry_Name": "Mail Command Injection"}]}, "Related_Attack_Patterns": {"Related_Attack_Pattern": [{"@CAPEC_ID": "137"}, {"@CAPEC_ID": "174"}, {"@CAPEC_ID": "41"}, {"@CAPEC_ID": "460"}, {"@CAPEC_ID": "88"}]}, "References": {"Reference": [{"@External_Reference_ID": "REF-859"}, {"@External_Reference_ID": "REF-62", "@Section": "Chapter 10, \"The Argument Array\", Page 567"}, {"@External_Reference_ID": "REF-1030"}, {"@External_Reference_ID": "REF-1249"}, {"@External_Reference_ID": "REF-1250"}]}, "Mapping_Notes": {"Usage": "Allowed", "Rationale": "This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.", "Comments": "Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.", "Reasons": {"Reason": {"@Type": "Acceptable-Use"}}}, "Notes": {"Note": {"@Type": "Relationship", "#text": "At one layer of abstraction, this can overlap other weaknesses that have whitespace problems, e.g. injection of javascript into attributes of HTML tags."}}, "Content_History": {"Submission": {"Submission_Name": "PLOVER", "Submission_Date": "2006-07-19", "Submission_Version": "Draft 3", "Submission_ReleaseDate": "2006-07-19"}, "Modification": [{"Modification_Name": "Eric Dalci", "Modification_Organization": "Cigital", "Modification_Date": "2008-07-01", "Modification_Version": "1.0", "Modification_ReleaseDate": "2008-09-09", "Modification_Comment": "updated Time_of_Introduction"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2008-09-08", "Modification_Version": "1.0", "Modification_ReleaseDate": "2008-09-09", "Modification_Comment": "updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2008-11-24", "Modification_Version": "1.1", "Modification_ReleaseDate": "2008-11-25", "Modification_Comment": "updated Observed_Examples, Relationships, Taxonomy_Mappings"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2009-07-27", "Modification_Version": "1.5", "Modification_ReleaseDate": "2009-07-27", "Modification_Comment": "updated Other_Notes, Relationship_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2009-10-29", "Modification_Version": "1.6", "Modification_ReleaseDate": "2009-10-29", "Modification_Comment": "updated Observed_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2010-02-16", "Modification_Version": "1.8", "Modification_ReleaseDate": "2010-02-16", "Modification_Comment": "updated Potential_Mitigations, Relationships, Taxonomy_Mappings"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2010-04-05", "Modification_Version": "1.8.1", "Modification_ReleaseDate": "2010-04-05", "Modification_Comment": "updated Related_Attack_Patterns"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2010-06-21", "Modification_Version": "1.9", "Modification_ReleaseDate": "2010-06-21", "Modification_Comment": "updated Observed_Examples, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2010-09-27", "Modification_Version": "1.10", "Modification_ReleaseDate": "2010-09-27", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2011-06-01", "Modification_Version": "1.13", "Modification_ReleaseDate": "2011-06-01", "Modification_Comment": "updated Common_Consequences"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2011-09-13", "Modification_Version": "2.1", "Modification_ReleaseDate": "2011-09-13", "Modification_Comment": "updated Relationships, Taxonomy_Mappings"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2012-05-11", "Modification_Version": "2.2", "Modification_ReleaseDate": "2012-05-15", "Modification_Comment": "updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Related_Attack_Patterns, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2012-10-30", "Modification_Version": "2.3", "Modification_ReleaseDate": "2012-10-30", "Modification_Comment": "updated Potential_Mitigations"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2014-06-23", "Modification_Version": "2.7", "Modification_ReleaseDate": "2014-06-23", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2014-07-30", "Modification_Version": "2.8", "Modification_ReleaseDate": "2014-07-31", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2015-12-07", "Modification_Version": "2.9", "Modification_ReleaseDate": "2015-12-07", "Modification_Comment": "updated Demonstrative_Examples, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2017-11-08", "Modification_Version": "3.0", "Modification_ReleaseDate": "2017-11-08", "Modification_Comment": "updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships, Taxonomy_Mappings"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2018-03-27", "Modification_Version": "3.1", "Modification_ReleaseDate": "2018-03-27", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2019-01-03", "Modification_Version": "3.2", "Modification_ReleaseDate": "2019-01-03", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2019-06-20", "Modification_Version": "3.3", "Modification_ReleaseDate": "2019-06-20", "Modification_Comment": "updated Related_Attack_Patterns, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2019-09-19", "Modification_Version": "3.4", "Modification_ReleaseDate": "2019-09-19", "Modification_Comment": "updated Description, Name, References, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2019-09-23", "Modification_Version": "3.4.1", "Modification_ReleaseDate": "2019-09-23", "Modification_Comment": "updated Description, Name, Observed_Examples, Potential_Mitigations"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-02-24", "Modification_Version": "4.0", "Modification_ReleaseDate": "2020-02-24", "Modification_Comment": "updated Potential_Mitigations, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-06-25", "Modification_Version": "4.1", "Modification_ReleaseDate": "2020-06-25", "Modification_Comment": "updated Potential_Mitigations"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-08-20", "Modification_Version": "4.2", "Modification_ReleaseDate": "2020-08-20", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-12-10", "Modification_Version": "4.3", "Modification_ReleaseDate": "2020-12-10", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2021-10-28", "Modification_Version": "4.6", "Modification_ReleaseDate": "2021-10-28", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2022-04-28", "Modification_Version": "4.7", "Modification_ReleaseDate": "2022-04-28", "Modification_Comment": "updated Applicable_Platforms, Demonstrative_Examples, Observed_Examples, References"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2022-10-13", "Modification_Version": "4.9", "Modification_ReleaseDate": "2022-10-13", "Modification_Comment": "updated Observed_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-01-31", "Modification_Version": "4.10", "Modification_ReleaseDate": "2023-01-31", "Modification_Comment": "updated Description, Potential_Mitigations"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated Description, Detection_Factors, References, Relationships, Time_of_Introduction"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2024-07-16", "Modification_Version": "4.15", "Modification_ReleaseDate": "2024-07-16", "Modification_Comment": "updated Observed_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-09-09", "Modification_Version": "4.18", "Modification_ReleaseDate": "2025-09-09", "Modification_Comment": "updated Functional_Areas"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Applicable_Platforms, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2026-04-30", "Modification_Version": "4.20", "Modification_ReleaseDate": "2026-04-30", "Modification_Comment": "updated Potential_Mitigations"}], "Contribution": {"@Type": "Feedback", "Contribution_Name": "Anonymous External Contributor", "Contribution_Date": "2021-05-28", "Contribution_Comment": "Identified inappropriate demonstrative example, suggested new observed example, applicable language."}, "Previous_Entry_Name": [{"@Date": "2019-09-19", "#text": "Argument Injection or Modification"}, {"@Date": "2019-09-23", "#text": "Improper Delimitation of Arguments in a Command ('Argument Injection')"}]}}
