Common Weakness Enumeration

CWE-115

Allowed

Misinterpretation of Input

Abstraction: Base · Status: Incomplete

The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.

48 vulnerabilities reference this CWE, most recent first.

GHSA-F6M9-HPFW-XJW4

Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2024-12-13 15:30
VLAI
Details

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-12123"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-115",
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-28T17:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case \"javascript:\" (e.g. \"javAscript:\") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.",
  "id": "GHSA-f6m9-hpfw-xjw4",
  "modified": "2024-12-13T15:30:38Z",
  "published": "2022-05-13T01:27:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12123"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:1821"
    },
    {
      "type": "WEB",
      "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202003-48"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20241213-0008"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F9C6-4J9H-6C5R

Vulnerability from github – Published: 2023-02-17 03:30 – Updated: 2023-02-28 14:36
VLAI
Summary
Misinterpretation of Input in thorsten/phpmyfaq
Details

Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "thorsten/phpmyfaq"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-0880"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-115"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-17T20:55:07Z",
    "nvd_published_at": "2023-02-17T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.",
  "id": "GHSA-f9c6-4j9h-6c5r",
  "modified": "2023-02-28T14:36:54Z",
  "published": "2023-02-17T03:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0880"
    },
    {
      "type": "WEB",
      "url": "https://github.com/thorsten/phpmyfaq/commit/a67dca41576834a1ddfee61b9e799b686b75d4fa"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/thorsten/phpMyFAQ"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Misinterpretation of Input in thorsten/phpmyfaq"
}

GHSA-FP9P-7HX8-XFP3

Vulnerability from github – Published: 2025-02-07 15:32 – Updated: 2025-02-14 00:30
VLAI
Details

A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks.

Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database operations, which can be dangerous when it is chained with SSRF.

It is similiar to CVE-2016-10517 in Redis.

This issue affects Apache Kvrocks: from the initial version to the latest version 2.11.0.

Users are recommended to upgrade to version 2.11.1, which fixes the issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-25069"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-115"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-07T13:15:32Z",
    "severity": "MODERATE"
  },
  "details": "A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks.\n\nSince Kvrocks didn\u0027t detect if \"Host:\" or \"POST\" appears in RESP requests,\na valid HTTP request can also be sent to Kvrocks as a valid RESP request \nand trigger some database operations, which can be\u00a0dangerous when \nit is chained with SSRF.\n\nIt is similiar to\u00a0CVE-2016-10517 in Redis.\n\nThis issue affects Apache Kvrocks: from the initial version to the latest version 2.11.0.\n\nUsers are recommended to upgrade to version 2.11.1, which fixes the issue.",
  "id": "GHSA-fp9p-7hx8-xfp3",
  "modified": "2025-02-14T00:30:44Z",
  "published": "2025-02-07T15:32:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25069"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/gbxv9gpsskmdzg6z48zm3tvo8cyo9v3t"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10517"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G694-M8VQ-GV9H

Vulnerability from github – Published: 2022-04-05 00:00 – Updated: 2022-04-15 02:53
VLAI
Summary
URL Confusion When Scheme Not Supplied in medialize/uri.js
Details

Medialize is a Javascript URL mutation library. When parsing a URL without a scheme and with excessive slashes, like ///www.example.com, URI.js will parse the hostname as null and the path as /www.example.com. Such behaviour is different from that exhibited by browsers, which will parse ///www.example.com as http://www.example.com instead. For example, the following will cause a redirect to http://www.example.com: A fix was released in version 1.19.11.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "urijs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.19.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-1233"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-115",
      "CWE-601"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-04-05T18:34:38Z",
    "nvd_published_at": "2022-04-04T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Medialize is a Javascript URL mutation library. When parsing a URL without a scheme and with excessive slashes, like ///www.example.com, URI.js will parse the hostname as null and the path as /www.example.com. Such behaviour is different from that exhibited by browsers, which will parse ///www.example.com as http://www.example.com instead. For example, the following will cause a redirect to http://www.example.com: A fix was released in version 1.19.11.",
  "id": "GHSA-g694-m8vq-gv9h",
  "modified": "2022-04-15T02:53:33Z",
  "published": "2022-04-05T00:00:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1233"
    },
    {
      "type": "WEB",
      "url": "https://github.com/medialize/uri.js/commit/88805fd3da03bd7a5e60947adb49d182011f1277"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/medialize/uri.js"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/228d5548-1109-49f8-8aee-91038e88371c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "URL Confusion When Scheme Not Supplied in medialize/uri.js"
}

GHSA-G7V2-7V9M-Q9J4

Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2023-07-27 15:30
VLAI
Details

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-29511"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-115"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-14T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.",
  "id": "GHSA-g7v2-7v9m-q9j4",
  "modified": "2023-07-27T15:30:33Z",
  "published": "2022-05-24T17:36:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29511"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-elements.md"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210129-0006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GMQG-7635-V6CJ

Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-20 12:32
VLAI
Details

An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling file uploads. An unauthenticated user can trigger this exception by sending a specially crafted request, causing the server to crash. The vulnerability is fixed in version 0.7.6.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-11169"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-115"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-20T10:15:24Z",
    "severity": "HIGH"
  },
  "details": "An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling file uploads. An unauthenticated user can trigger this exception by sending a specially crafted request, causing the server to crash. The vulnerability is fixed in version 0.7.6.",
  "id": "GHSA-gmqg-7635-v6cj",
  "modified": "2025-03-20T12:32:41Z",
  "published": "2025-03-20T12:32:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11169"
    },
    {
      "type": "WEB",
      "url": "https://github.com/danny-avila/librechat/commit/629be5c0ca2b332178524b4e3f6fac715aea8cc4"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/754e1649-5612-4ba9-a533-06b46de5c4b5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H6Q6-9HQW-RWFV

Vulnerability from github – Published: 2021-03-12 22:39 – Updated: 2023-01-02 21:51
VLAI
Summary
Misinterpretation of malicious XML input
Details

Impact

xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents.

This may lead to unexpected syntactic changes during XML processing in some downstream applications.

Patches

Update to 0.5.0 (once it is released)

Workarounds

Downstream applications can validate the input and reject the maliciously crafted documents.

References

Similar to this one reported on the Go standard library:

  • https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/

For more information

If you have any questions or comments about this advisory:

  • Open an issue in xmldom/xmldom
  • Email us: send an email to all addresses that are shown by npm owner ls xmldom
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "xmldom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-21366"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-115",
      "CWE-436"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-12T16:21:24Z",
    "nvd_published_at": "2021-03-12T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nxmldom versions 0.4.0 and older do not correctly preserve [system identifiers](https://www.w3.org/TR/2008/REC-xml-20081126/#d0e4313), [FPIs](https://en.wikipedia.org/wiki/Formal_Public_Identifier) or [namespaces](https://www.w3.org/TR/xml-names11/) when repeatedly parsing and serializing maliciously crafted documents.\n\nThis may lead to unexpected syntactic changes during XML processing in some downstream applications.\n\n### Patches\n\nUpdate to 0.5.0 (once it is released)\n\n### Workarounds\n\nDownstream applications can validate the input and reject the maliciously crafted documents.\n\n### References\n\nSimilar to this one reported on the Go standard library:\n\n- https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [`xmldom/xmldom`](https://github.com/xmldom/xmldom)\n* Email us: send an email to **all** addresses that are shown by `npm owner ls xmldom`",
  "id": "GHSA-h6q6-9hqw-rwfv",
  "modified": "2023-01-02T21:51:19Z",
  "published": "2021-03-12T22:39:39Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21366"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xmldom/xmldom"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xmldom/xmldom/releases/tag/0.5.0"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/xmldom"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Misinterpretation of malicious XML input"
}

GHSA-PQW5-JMP5-PX4V

Vulnerability from github – Published: 2022-09-16 00:00 – Updated: 2022-09-19 20:25
VLAI
Summary
parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing
Details

parse-url prior to 8.1.0 is vulnerable to Misinterpretation of Input. parse-url parses certain http or https URLs incorrectly, identifying the URL's protocol as ssh. It may also parse the host name incorrectly.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse-url"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-3224"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-115"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-16T21:21:19Z",
    "nvd_published_at": "2022-09-15T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "parse-url prior to 8.1.0 is vulnerable to Misinterpretation of Input. parse-url parses certain http or https URLs incorrectly, identifying the URL\u0027s protocol as ssh. It may also parse the host name incorrectly.",
  "id": "GHSA-pqw5-jmp5-px4v",
  "modified": "2022-09-19T20:25:17Z",
  "published": "2022-09-16T00:00:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3224"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ionicabizau/parse-url/commit/9cacf38de02db0fb1358bd6ec04543e523cd6a8e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ionicabizau/parse-url"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/3587a567-7fcd-4702-b7c9-d9ca565e3c62"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing"
}

GHSA-Q4QQ-C3QM-82JJ

Vulnerability from github – Published: 2026-06-25 15:31 – Updated: 2026-06-25 15:31
VLAI
Details

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-42004"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-115"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-25T13:16:40Z",
    "severity": "LOW"
  },
  "details": "An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist\u2019s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter.",
  "id": "GHSA-q4qq-c3qm-82jj",
  "modified": "2026-06-25T15:31:59Z",
  "published": "2026-06-25T15:31:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42004"
    },
    {
      "type": "WEB",
      "url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QXP5-GWG8-XV66

Vulnerability from github – Published: 2025-03-12 22:06 – Updated: 2026-04-24 20:36
VLAI
Summary
HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
Details

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "golang.org/x/net"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.36.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-22870"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-115",
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-12T22:06:40Z",
    "nvd_published_at": "2025-03-12T19:15:38Z",
    "severity": "MODERATE"
  },
  "details": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
  "id": "GHSA-qxp5-gwg8-xv66",
  "modified": "2026-04-24T20:36:12Z",
  "published": "2025-03-12T22:06:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22870"
    },
    {
      "type": "PACKAGE",
      "url": "https://go-review.googlesource.com/q/project:net"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/cl/654697"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/issue/71984"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2025-3503"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250509-0007"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/03/07/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.