CWE-95
Overview
- CWE ID
- 95
- CWE Name
- Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
- CWE Abstraction
- Variant
- CWE structure
- Simple
- CWE Status
- Incomplete
Description
The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").
Extended Description
This may allow an attacker to execute arbitrary code, or at least modify what code can be executed.
Related CWEs
| CWE ID | View ID | Nature | Ordinal |
|---|---|---|---|
| 94 | 1000 | ChildOf | Primary |