CWE-95

Overview

CWE ID
95

CWE Name
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CWE Abstraction
Variant

CWE structure
Simple

CWE Status
Incomplete

Description

The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

Extended Description

This may allow an attacker to execute arbitrary code, or at least modify what code can be executed.

Related CWEs

CWE ID	View ID	Nature	Ordinal
94	1000	ChildOf	Primary

Related CVEs

CVE
CVE-2021-33678
CVE-2022-41928
CVE-2022-41931
CVE-2022-38193
CVE-2023-29511
CVE-2023-26477
CVE-2023-0090
CVE-2023-0089
CVE-2023-0888
CVE-2023-29509
CVE-2023-29210
CVE-2023-29209
CVE-2023-29211
CVE-2023-29212
CVE-2023-29214
CVE-2023-30537
CVE-2021-23277
CVE-2024-31465
CVE-2024-31986
CVE-2024-31984
CVE-2023-46731
CVE-2023-48699
CVE-2023-37909
CVE-2023-37462
CVE-2023-40177
CVE-2023-7101
CVE-2023-7245
CVE-2023-7224
CVE-2023-50723
CVE-2023-50721
CVE-2023-35152
CVE-2023-35150
CVE-2024-31982
CVE-2024-31996
CVE-2024-32649
CVE-2024-32647
CVE-2024-21650
CVE-2023-50723
CVE-2023-50721
CVE-2023-35152
CVE-2023-35150
CVE-2024-31982
CVE-2024-31996
CVE-2024-32649
CVE-2024-32647
CVE-2024-21650
CVE-2024-21650
CVE-2024-36401
CVE-2024-36404
CVE-2024-37901
CVE-2024-6891
CVE-2024-43404
CVE-2024-27320
CVE-2024-27321
CVE-2024-45849
CVE-2024-45847
CVE-2024-45848
CVE-2024-45846
CVE-2024-45850
CVE-2024-45851
CVE-2024-45858
CVE-2024-45858
CVE-2024-45858
CVE-2024-45858
CVE-2024-45858
CVE-2024-45858
CVE-2024-45858
CVE-2024-45858
CVE-2024-45858
CVE-2024-45858
CVE-2024-45858