CWE-99
Overview
- CWE ID
- 99
- CWE Name
- Improper Control of Resource Identifiers ('Resource Injection')
- CWE Abstraction
- Class
- CWE structure
- Simple
- CWE Status
- Draft
Description
The software receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.