CWE-1286
AllowedImproper Validation of Syntactic Correctness of Input
Abstraction: Base · Status: Incomplete
The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
150 vulnerabilities reference this CWE, most recent first.
GHSA-H2QV-FJ59-J46J
Vulnerability from github – Published: 2026-06-11 20:19 – Updated: 2026-07-10 12:31Impact
The HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nested PP2_TYPE_SSL TLVs (type-length-value records) at depth two or greater. The leak occurs on the successful parse path — no exception is thrown, the message fires downstream, the decoder removes itself, and the application releases the HAProxyMessage normally. Yet the underlying cumulation buffer (a pooled, potentially direct ByteBuf allocated by the channel) remains permanently pinned.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.2.14.Final"
},
"package": {
"ecosystem": "Maven",
"name": "io.netty:netty-codec-haproxy"
},
"ranges": [
{
"events": [
{
"introduced": "4.2.0.Final"
},
{
"fixed": "4.2.15.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.134.Final"
},
"package": {
"ecosystem": "Maven",
"name": "io.netty:netty-codec-haproxy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.135.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-48059"
],
"database_specific": {
"cwe_ids": [
"CWE-1286",
"CWE-401"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-11T20:19:27Z",
"nvd_published_at": "2026-06-12T16:16:30Z",
"severity": "HIGH"
},
"details": "### Impact\nThe HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nested `PP2_TYPE_SSL` TLVs (type-length-value records) at depth two or greater. The leak occurs on the successful parse path \u2014 no exception is thrown, the message fires downstream, the decoder removes itself, and the application releases the `HAProxyMessage` normally. Yet the underlying cumulation buffer (a pooled, potentially direct `ByteBuf` allocated by the channel) remains permanently pinned.",
"id": "GHSA-h2qv-fj59-j46j",
"modified": "2026-07-10T12:31:39Z",
"published": "2026-06-11T20:19:27Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/netty/netty/security/advisories/GHSA-h2qv-fj59-j46j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48059"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26017"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26018"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26586"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37390"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-48059"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488437"
},
{
"type": "PACKAGE",
"url": "https://github.com/netty/netty"
},
{
"type": "WEB",
"url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
},
{
"type": "WEB",
"url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48059.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion"
}
GHSA-HFW6-RP3P-9R78
Vulnerability from github – Published: 2025-04-30 12:31 – Updated: 2025-04-30 12:31A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the wireless network configuration file via a crafted HTTP request.
{
"affected": [],
"aliases": [
"CVE-2025-24348"
],
"database_specific": {
"cwe_ids": [
"CWE-1286"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-30T12:15:21Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the \u201cNetwork Interfaces\u201d functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the wireless network configuration file via a crafted HTTP request.",
"id": "GHSA-hfw6-rp3p-9r78",
"modified": "2025-04-30T12:31:25Z",
"published": "2025-04-30T12:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24348"
},
{
"type": "WEB",
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-HQ5P-JR85-6779
Vulnerability from github – Published: 2026-01-15 21:31 – Updated: 2026-01-15 21:31An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart. This issue affects Junos OS on SRX Series:
- 23.2 versions from 23.2R2-S2 before 23.2R2-S5,
- 23.4 versions from 23.4R2-S1 before 23.4R2-S5,
- 24.2 versions before 24.2R2-S2,
- 24.4 versions before 24.4R1-S3, 24.4R2.
Earlier versions of Junos are also affected, but no fix is available.
{
"affected": [],
"aliases": [
"CVE-2026-21917"
],
"database_specific": {
"cwe_ids": [
"CWE-1286"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-15T21:16:07Z",
"severity": "HIGH"
},
"details": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nIf an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart.\nThis issue affects Junos OS on SRX Series:\n\n\n\n * 23.2 versions from 23.2R2-S2 before 23.2R2-S5,\u00a0\n * 23.4 versions from 23.4R2-S1 before 23.4R2-S5,\n * 24.2 versions before 24.2R2-S2,\n * 24.4 versions before 24.4R1-S3, 24.4R2.\n\n\nEarlier versions of Junos are also affected, but no fix is available.",
"id": "GHSA-hq5p-jr85-6779",
"modified": "2026-01-15T21:31:48Z",
"published": "2026-01-15T21:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21917"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA105996"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA105996"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-HWC4-2RMW-HCVQ
Vulnerability from github – Published: 2024-04-10 18:30 – Updated: 2024-04-10 18:30A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.
{
"affected": [],
"aliases": [
"CVE-2024-3384"
],
"database_specific": {
"cwe_ids": [
"CWE-1286"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-10T17:15:57Z",
"severity": "HIGH"
},
"details": "A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.",
"id": "GHSA-hwc4-2rmw-hcvq",
"modified": "2024-04-10T18:30:48Z",
"published": "2024-04-10T18:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3384"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2024-3384"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J3GX-2473-5FP8
Vulnerability from github – Published: 2026-03-07 00:30 – Updated: 2026-07-15 12:31url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
{
"affected": [],
"aliases": [
"CVE-2026-25679"
],
"database_specific": {
"cwe_ids": [
"CWE-1286",
"CWE-425"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-06T22:16:00Z",
"severity": "HIGH"
},
"details": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.",
"id": "GHSA-j3gx-2473-5fp8",
"modified": "2026-07-15T12:31:46Z",
"published": "2026-03-07T00:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6388"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6564"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6720"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6802"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6949"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7005"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7009"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7011"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7259"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7315"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7328"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7665"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7669"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7674"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7833"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7834"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7876"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7877"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7878"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7879"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7883"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7992"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8167"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8314"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8322"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8324"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8949"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27076"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:28047"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:28441"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:28886"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:28893"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:28961"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29035"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29195"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29455"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29702"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29703"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29854"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:33722"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34097"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34365"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36317"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36319"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36651"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36796"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:39810"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5110"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5549"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5941"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5942"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5943"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5944"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6341"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6344"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6382"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6383"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9043"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9044"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9052"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9090"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9093"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9094"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9097"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9098"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9108"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9109"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9434"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9435"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9436"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9439"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9440"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9448"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9453"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9461"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9695"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9872"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"type": "WEB",
"url": "https://go.dev/cl/752180"
},
{
"type": "WEB",
"url": "https://go.dev/issue/77578"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25679.json"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8337"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8338"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8433"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8434"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8456"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8483"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8484"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8490"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8491"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8493"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8840"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8841"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8842"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8845"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8847"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8848"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8849"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8851"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8852"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8853"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8855"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8856"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8860"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8877"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8878"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8879"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8881"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8882"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8930"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8931"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:12031"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:12032"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:12033"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:12282"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13508"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13512"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13545"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13642"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13643"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13671"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13791"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13829"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14020"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14100"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14774"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14868"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14879"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:15091"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16102"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16696"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16874"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16875"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:17040"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:17084"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:17287"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:17598"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19017"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19022"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19026"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19027"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10065"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10133"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10140"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10141"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10158"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10169"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10175"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10184"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10225"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10250"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10701"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10712"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10929"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11217"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11375"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11412"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11413"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11686"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11688"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11747"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11749"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11768"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11800"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11856"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:12028"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:12029"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:12030"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21657"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21691"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21696"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22627"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22714"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22733"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22862"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22937"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:23228"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:24386"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:24853"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25043"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25180"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25248"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25250"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25251"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25252"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25253"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26445"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26527"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26541"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26568"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26585"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26636"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19031"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19032"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19049"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19055"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19126"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19128"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19132"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19133"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19135"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19181"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19184"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19185"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19207"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19350"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19353"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19475"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19634"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19719"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19720"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19721"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19750"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20041"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20088"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20581"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20582"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20584"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21655"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J87V-9H8F-Q7X4
Vulnerability from github – Published: 2026-03-19 03:30 – Updated: 2026-03-19 03:30IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account.
{
"affected": [],
"aliases": [
"CVE-2025-13995"
],
"database_specific": {
"cwe_ids": [
"CWE-1286"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-19T03:16:01Z",
"severity": "MODERATE"
},
"details": "IBM QRadar SIEM\u00a07.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant\u0027s account.",
"id": "GHSA-j87v-9h8f-q7x4",
"modified": "2026-03-19T03:30:57Z",
"published": "2026-03-19T03:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13995"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7266709"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JGPR-GFXW-CGXQ
Vulnerability from github – Published: 2023-10-13 00:30 – Updated: 2025-05-02 18:31An Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).
When a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts.
This issue affects both eBGP and iBGP implementations.
This issue affects:
Juniper Networks Junos OS
- 21.4 versions prior to 21.4R3-S4;
- 22.1 versions prior to 22.1R3-S3;
- 22.2 versions prior to 22.2R3-S2;
- 22.3 versions prior to 22.3R2-S2, 22.3R3;
- 22.4 versions prior to 22.4R2-S1, 22.4R3;
- 23.2 versions prior to 23.2R1, 23.2R2;
Juniper Networks Junos OS Evolved
- 21.4 versions prior to 21.4R3-S5-EVO;
- 22.1 versions prior to 22.1R3-S3-EVO;
- 22.2 versions prior to 22.2R3-S3-EVO;
- 22.3 versions prior to 22.3R2-S2-EVO;
- 22.4 versions prior to 22.4R3-EVO;
- 23.2 versions prior to 23.2R2-EVO;
{
"affected": [],
"aliases": [
"CVE-2023-44204"
],
"database_specific": {
"cwe_ids": [
"CWE-1286",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-13T00:15:13Z",
"severity": "MODERATE"
},
"details": "An Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).\n\nWhen a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts.\n\nThis issue affects both eBGP and iBGP implementations.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3;\n * 22.4 versions prior to 22.4R2-S1, 22.4R3;\n * 23.2 versions prior to 23.2R1, 23.2R2;\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * 21.4 versions prior to 21.4R3-S5-EVO;\n * 22.1 versions prior to 22.1R3-S3-EVO;\n * 22.2 versions prior to 22.2R3-S3-EVO;\n * 22.3 versions prior to 22.3R2-S2-EVO;\n * 22.4 versions prior to 22.4R3-EVO;\n * 23.2 versions prior to 23.2R2-EVO;",
"id": "GHSA-jgpr-gfxw-cgxq",
"modified": "2025-05-02T18:31:25Z",
"published": "2023-10-13T00:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44204"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA73170"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JJ37-3377-M6VV
Vulnerability from github – Published: 2025-11-14 21:30 – Updated: 2026-05-13 13:45Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-mm7p-fcc7-pg87. This link is maintained to preserve external references.
Original Description
A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "nodemailer"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.0.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1286",
"CWE-436"
],
"github_reviewed": true,
"github_reviewed_at": "2025-11-17T17:17:33Z",
"nvd_published_at": "2025-11-14T20:15:45Z",
"severity": "HIGH"
},
"details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-mm7p-fcc7-pg87. This link is maintained to preserve external references.\n\n## Original Description\nA vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker\u0027s external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls.",
"id": "GHSA-jj37-3377-m6vv",
"modified": "2026-05-13T13:45:17Z",
"published": "2025-11-14T21:30:29Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13033"
},
{
"type": "WEB",
"url": "https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:15979"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3751"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-13033"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402179"
},
{
"type": "PACKAGE",
"url": "https://github.com/nodemailer/nodemailer"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict",
"withdrawn": "2025-11-17T17:17:33Z"
}
GHSA-JWQG-83QR-7FPH
Vulnerability from github – Published: 2023-09-19 12:30 – Updated: 2024-09-20 12:31A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets.
During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed.
{
"affected": [],
"aliases": [
"CVE-2023-32649"
],
"database_specific": {
"cwe_ids": [
"CWE-1286",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-19T11:16:20Z",
"severity": "HIGH"
},
"details": "A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets.\n\nDuring the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed.\n\n\n\n",
"id": "GHSA-jwqg-83qr-7fph",
"modified": "2024-09-20T12:31:45Z",
"published": "2023-09-19T12:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32649"
},
{
"type": "WEB",
"url": "https://security.nozominetworks.com/NN-2023:10-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-M5VF-RP25-854P
Vulnerability from github – Published: 2023-07-25 09:30 – Updated: 2024-04-04 06:20Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors cannot be opened or closed. No sensitive or customer data can be extracted as the Axis device is not further compromised. Please refer to the Axis security advisory for more information, mitigation and affected products and software versions.
{
"affected": [],
"aliases": [
"CVE-2023-21405"
],
"database_specific": {
"cwe_ids": [
"CWE-1286",
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-25T08:15:09Z",
"severity": "MODERATE"
},
"details": "\nKnud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network\nIntercoms when communicating over OSDP, highlighting that the OSDP message parser crashes\nthe pacsiod process, causing a temporary unavailability of the door-controlling functionalities\nmeaning that doors cannot be opened or closed. No sensitive or customer data can be extracted\nas the Axis device is not further compromised. Please refer to the Axis security advisory for more information, mitigation and affected products and software versions.",
"id": "GHSA-m5vf-rp25-854p",
"modified": "2024-04-04T06:20:47Z",
"published": "2023-07-25T09:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21405"
},
{
"type": "WEB",
"url": "https://www.axis.com/dam/public/7f/3a/ed/cve-2023-21405-en-US-407244.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
CAPEC-66: SQL Injection
This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input.
CAPEC-676: NoSQL Injection
An adversary targets software that constructs NoSQL statements based on user input or with parameters vulnerable to operator replacement in order to achieve a variety of technical impacts such as escalating privileges, bypassing authentication, and/or executing code.