CWE-913
Improper Control of Dynamically-Managed Code Resources
The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.
Mitigation
Phase: Implementation
Strategy: Input Validation
Description:
- For any externally-influenced input, check the input against an allowlist of acceptable values.
Mitigation
Phases: Implementation, Architecture and Design
Strategy: Refactoring
Description:
- Refactor the code so that it does not need to be dynamically managed.
No CAPEC attack patterns related to this CWE.