CWE-641
Overview
- CWE ID
- 641
- CWE Name
- Improper Restriction of Names for Files and Other Resources
- CWE Abstraction
- Base
- CWE structure
- Simple
- CWE Status
- Incomplete
Description
The application constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting name.
Extended Description
This may produce resultant weaknesses. For instance, if the names of these resources contain scripting characters, it is possible that a script may get executed in the client's browser if the application ever displays the name of the resource on a dynamic
Related CWEs
| CWE ID | View ID | Nature | Ordinal |
|---|---|---|---|
| 99 | 1000 | ChildOf | Primary |