CWE-1287
AllowedImproper Validation of Specified Type of Input
Abstraction: Base · Status: Incomplete
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
259 vulnerabilities reference this CWE, most recent first.
GHSA-37J4-MQR6-6M6X
Vulnerability from github – Published: 2025-04-15 18:31 – Updated: 2025-10-09 21:31HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter.
{
"affected": [],
"aliases": [
"CVE-2024-42189"
],
"database_specific": {
"cwe_ids": [
"CWE-1287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-15T18:15:44Z",
"severity": "MODERATE"
},
"details": "HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter.",
"id": "GHSA-37j4-mqr6-6m6x",
"modified": "2025-10-09T21:31:08Z",
"published": "2025-04-15T18:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42189"
},
{
"type": "WEB",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120585"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-37X9-HXCW-W9FV
Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
{
"affected": [],
"aliases": [
"CVE-2025-59257"
],
"database_specific": {
"cwe_ids": [
"CWE-1287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-14T17:16:08Z",
"severity": "MODERATE"
},
"details": "Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.",
"id": "GHSA-37x9-hxcw-w9fv",
"modified": "2025-10-14T18:30:35Z",
"published": "2025-10-14T18:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59257"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59257"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-38CC-8H76-38HF
Vulnerability from github – Published: 2024-07-17 00:32 – Updated: 2024-07-18 15:31Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)
{
"affected": [],
"aliases": [
"CVE-2024-3175"
],
"database_specific": {
"cwe_ids": [
"CWE-1287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-16T23:15:24Z",
"severity": "MODERATE"
},
"details": "Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)",
"id": "GHSA-38cc-8h76-38hf",
"modified": "2024-07-18T15:31:19Z",
"published": "2024-07-17T00:32:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3175"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/40069571"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-3CG3-3MMR-W8HJ
Vulnerability from github – Published: 2025-08-11 21:31 – Updated: 2025-08-12 00:07Mattermost Confluence Plugin versions < 1.5.0 fail to handle unexpected request bodies, allowing attackers to crash the plugin via constant hits to the create channel subscription endpoint with an invalid request body.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-plugin-confluence"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-54525"
],
"database_specific": {
"cwe_ids": [
"CWE-1287"
],
"github_reviewed": true,
"github_reviewed_at": "2025-08-12T00:07:04Z",
"nvd_published_at": "2025-08-11T19:15:30Z",
"severity": "HIGH"
},
"details": "Mattermost Confluence Plugin versions \u003c 1.5.0 fail to handle unexpected request bodies, allowing attackers to crash the plugin via constant hits to the create channel subscription endpoint with an invalid request body.",
"id": "GHSA-3cg3-3mmr-w8hj",
"modified": "2025-08-12T00:07:04Z",
"published": "2025-08-11T21:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54525"
},
{
"type": "PACKAGE",
"url": "https://github.com/mattermost/mattermost-plugin-confluence"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Mattermost Confluence Plugin has Improper Validation of Specified Type of Input"
}
GHSA-3CW2-66PX-R367
Vulnerability from github – Published: 2023-08-30 09:30 – Updated: 2024-03-13 03:31An issue has been discovered in GitLab affecting all versions starting from 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit
{
"affected": [],
"aliases": [
"CVE-2023-4522"
],
"database_specific": {
"cwe_ids": [
"CWE-1287",
"CWE-138"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-30T08:15:52Z",
"severity": "MODERATE"
},
"details": "An issue has been discovered in GitLab affecting all versions starting from 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit",
"id": "GHSA-3cw2-66px-r367",
"modified": "2024-03-13T03:31:05Z",
"published": "2023-08-30T09:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4522"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1937213"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/406817"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-3CX3-RW7F-7Q37
Vulnerability from github – Published: 2026-03-16 21:34 – Updated: 2026-03-16 21:34Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to handle incorrectly reported array lengths which allows malicious user to cause OOM errors and crash the server via sending corrupted msgpack frames within websocket messages to calls plugin. Mattermost Advisory ID: MMSA-2025-00537
{
"affected": [],
"aliases": [
"CVE-2026-2454"
],
"database_specific": {
"cwe_ids": [
"CWE-1287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-16T21:16:33Z",
"severity": "MODERATE"
},
"details": "Mattermost versions 11.3.x \u003c= 11.3.0, 11.2.x \u003c= 11.2.2, 10.11.x \u003c= 10.11.10 fail to handle incorrectly reported array lengths which allows malicious user to cause OOM errors and crash the server via sending corrupted msgpack frames within websocket messages to calls plugin. Mattermost Advisory ID: MMSA-2025-00537",
"id": "GHSA-3cx3-rw7f-7q37",
"modified": "2026-03-16T21:34:32Z",
"published": "2026-03-16T21:34:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2454"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-3G36-GF7C-75QW
Vulnerability from github – Published: 2025-04-24 09:30 – Updated: 2025-04-24 16:09Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate the props used by the RetrospectivePost custom post type in the Playbooks plugin, which allows an attacker to create a specially crafted post with maliciously crafted props and cause a denial of service (DoS) of the web app for all users.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c 2.1.1"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-plugin-playbooks"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.0-20250218121836-2b5275d87136"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c 10.4.3"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "10.4.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c 10.5.1"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "10.5.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c 9.11.11"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "9.11.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-plugin-playbooks"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.41.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-41395"
],
"database_specific": {
"cwe_ids": [
"CWE-1287"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-24T16:09:27Z",
"nvd_published_at": "2025-04-24T07:15:31Z",
"severity": "MODERATE"
},
"details": "Mattermost versions 10.4.x \u003c= 10.4.2, 10.5.x \u003c= 10.5.0, 9.11.x \u003c= 9.11.10 fail to properly validate the props used by the RetrospectivePost custom post type in the Playbooks plugin, which\u00a0allows an attacker to create a specially crafted post with maliciously crafted props\u00a0and cause a denial of service (DoS) of the web app for all users.",
"id": "GHSA-3g36-gf7c-75qw",
"modified": "2025-04-24T16:09:27Z",
"published": "2025-04-24T09:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41395"
},
{
"type": "WEB",
"url": "https://github.com/mattermost/mattermost-plugin-playbooks/commit/4c823090e281cb9c0d5c17ee2e5db275117540d1"
},
{
"type": "WEB",
"url": "https://github.com/mattermost/mattermost/commit/2b5275d87136f07e016c8eca09a2f004b31afc8a"
},
{
"type": "PACKAGE",
"url": "https://github.com/mattermost/mattermost-plugin-playbooks"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Mattermost Playbooks fails to properly validate the props used by the RetrospectivePost custom post type"
}
GHSA-3GHV-QQMP-P6C4
Vulnerability from github – Published: 2025-11-11 09:30 – Updated: 2025-11-11 09:30The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service account.
{
"affected": [],
"aliases": [
"CVE-2025-9524"
],
"database_specific": {
"cwe_ids": [
"CWE-1287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-11T08:15:35Z",
"severity": "MODERATE"
},
"details": "The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service account.",
"id": "GHSA-3ghv-qqmp-p6c4",
"modified": "2025-11-11T09:30:31Z",
"published": "2025-11-11T09:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9524"
},
{
"type": "WEB",
"url": "https://www.axis.com/dam/public/f1/f0/1e/cve-2025-9524pdf-en-US-504220.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-3HRH-PFW6-9M5X
Vulnerability from github – Published: 2026-06-04 17:59 – Updated: 2026-06-04 17:59Summary
The serialize() function in hono/cookie validates domain and path options against characters that corrupt Set-Cookie header syntax (;, \r, \n), but does not apply the same validation to sameSite and priority. An application that passes user-controlled input into either option may produce a Set-Cookie response header containing attacker-chosen additional attributes.
Details
When constructing a Set-Cookie header value, serialize() appends the sameSite and priority option values directly into the output string after a presentation-only transformation (capitalizing the first character). Although the TypeScript type signature constrains these options to specific string literals, that constraint is not enforced at runtime; any string value, including one containing ; or line-feed characters, passes through unchanged.
The validation guard that rejects ;, \r, and \n from domain and path is not applied to sameSite or priority. An application that passes a request-derived value to either option therefore provides an injection point into the header line.
This issue arises when an application passes user-controlled input to the sameSite or priority option of setCookie() or serialize().
Impact
An attacker who can control the sameSite or priority option value may inject additional attributes into a Set-Cookie response header.
This may lead to:
- Cookie attribute injection — overriding
Domain,Path,HttpOnly,Secure, orMax-Agefor the affected cookie - HTTP response header injection on runtimes that do not strictly validate header values, enabling a second attacker-controlled
Set-Cookieheader in the same response
This issue affects applications that pass user-derived input into the sameSite or priority option of hono/cookie serialization functions.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "hono"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.12.21"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-47675"
],
"database_specific": {
"cwe_ids": [
"CWE-113",
"CWE-1287"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-04T17:59:25Z",
"nvd_published_at": "2026-05-28T17:16:32Z",
"severity": "MODERATE"
},
"details": "### Summary\n\nThe `serialize()` function in `hono/cookie` validates `domain` and `path` options against characters that corrupt `Set-Cookie` header syntax (`;`, `\\r`, `\\n`), but does not apply the same validation to `sameSite` and `priority`. An application that passes user-controlled input into either option may produce a `Set-Cookie` response header containing attacker-chosen additional attributes.\n\n### Details\n\nWhen constructing a `Set-Cookie` header value, `serialize()` appends the `sameSite` and `priority` option values directly into the output string after a presentation-only transformation (capitalizing the first character). Although the TypeScript type signature constrains these options to specific string literals, that constraint is not enforced at runtime; any string value, including one containing `;` or line-feed characters, passes through unchanged.\n\nThe validation guard that rejects `;`, `\\r`, and `\\n` from `domain` and `path` is not applied to `sameSite` or `priority`. An application that passes a request-derived value to either option therefore provides an injection point into the header line.\n\nThis issue arises when an application passes user-controlled input to the `sameSite` or `priority` option of `setCookie()` or `serialize()`.\n\n### Impact\n\nAn attacker who can control the `sameSite` or `priority` option value may inject additional attributes into a `Set-Cookie` response header.\n\nThis may lead to:\n\n- Cookie attribute injection \u2014 overriding `Domain`, `Path`, `HttpOnly`, `Secure`, or `Max-Age` for the affected cookie\n- HTTP response header injection on runtimes that do not strictly validate header values, enabling a second attacker-controlled `Set-Cookie` header in the same response\n\nThis issue affects applications that pass user-derived input into the `sameSite` or `priority` option of `hono/cookie` serialization functions.",
"id": "GHSA-3hrh-pfw6-9m5x",
"modified": "2026-06-04T17:59:25Z",
"published": "2026-06-04T17:59:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/honojs/hono/security/advisories/GHSA-3hrh-pfw6-9m5x"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47675"
},
{
"type": "WEB",
"url": "https://github.com/honojs/hono/commit/905aedbc20661e0e2fa378783a7ec44a5c3df43d"
},
{
"type": "PACKAGE",
"url": "https://github.com/honojs/hono"
},
{
"type": "WEB",
"url": "https://github.com/honojs/hono/releases/tag/v4.12.21"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection"
}
GHSA-3J6G-XWCR-2HCW
Vulnerability from github – Published: 2025-01-14 21:31 – Updated: 2025-01-14 21:31Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec.
{
"affected": [],
"aliases": [
"CVE-2024-48858"
],
"database_specific": {
"cwe_ids": [
"CWE-1287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T20:15:28Z",
"severity": "HIGH"
},
"details": "Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec.",
"id": "GHSA-3j6g-xwcr-2hcw",
"modified": "2025-01-14T21:31:48Z",
"published": "2025-01-14T21:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48858"
},
{
"type": "WEB",
"url": "https://support.blackberry.com/pkb/s/article/140334"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
No CAPEC attack patterns related to this CWE.