CWE-470

Overview
  • CWE ID: 470
  • CWE Name: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
  • CWE Abstraction: Base
  • CWE Structure: Simple
  • CWE Status: Draft
Description
The application uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.
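An added illustration of the weakness described above, not part of the CWE entry: a constructed Python dispatcher that resolves a class directly from a request-supplied name, beside a version that maps the input through a fixed allowlist. All class and function names here are hypothetical.

```python
# Constructed example: every name below is hypothetical.

class AddCommand:
    def run(self, a, b):
        return a + b


class SubtractCommand:
    def run(self, a, b):
        return a - b


class PurgeAuditLog:
    """Internal maintenance class, never meant to be selectable by a request."""

    def run(self, a, b):
        return "audit log purged"


def dispatch_unsafe(action, a, b):
    # Weak form: the external value is used as a class name and resolved
    # by reflection, so any class visible in this module can be selected.
    cls = globals()[action]
    return cls().run(a, b)


# Hardened form: external input is only a key into a fixed mapping.
# Classes that are not listed cannot be reached, whatever the input is.
ALLOWED_COMMANDS = {
    "add": AddCommand,
    "subtract": SubtractCommand,
}


def dispatch_safe(action, a, b):
    cls = ALLOWED_COMMANDS.get(action)
    if cls is None:
        raise ValueError("unsupported action: %r" % (action,))
    return cls().run(a, b)


if __name__ == "__main__":
    print(dispatch_unsafe("AddCommand", 2, 3))     # intended use
    print(dispatch_unsafe("PurgeAuditLog", 0, 0))  # unintended class selected
    print(dispatch_safe("add", 2, 3))              # allowlisted key
    try:
        dispatch_safe("PurgeAuditLog", 0, 0)
    except ValueError as exc:
        print("rejected:", exc)
```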
Extended Description
If the application uses external inputs to determine which class to instantiate or which method to invoke, then an attacker could supply values to select unexpected classes or methods. If this occurs, then the attacker could create control flow paths that
Related CWEs
CWE ID   View ID   Nature    Ordinal
913      1000      ChildOf   Primary
913      1003      ChildOf   Primary
610      1000      ChildOf
20       700       ChildOf   Primary