CWE-494
Overview
- CWE ID
- 494
- CWE Name
- Download of Code Without Integrity Check
- CWE Abstraction
- Base
- CWE structure
- Simple
- CWE Status
- Draft
Description
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
Extended Description
An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.