CWE-183

Permissive List of Allowed Inputs

Base
Draft

Description

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.

Parent Weaknesses (ChildOf)

Related Weaknesses

Common Consequences

Scope: Access Control

Impact: Bypass Protection Mechanism

CVE-2019-12799

chain: bypass of untrusted deserialization issue (CWE-502) by using an assumed-trusted class (CWE-183)

CVE-2019-10458

sandbox bypass using a method that is on an allowlist

CVE-2017-1000095

sandbox bypass using unsafe methods that are on an allowlist

CVE-2019-10458

CI/CD pipeline feature has unsafe elements in allowlist, allowing bypass of script restrictions

CVE-2017-1000095

Default allowlist includes unsafe methods, allowing bypass of sandbox
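The pattern behind the entries above (an assumed-trusted class, unsafe methods on an allowlist) can be shown with Python's `pickle.Unpickler.find_class` hook. This is an added example, not code from this page or from the affected products; the two policies, the class names and the probe list are constructed for illustration.

```python
import builtins
import io
import pickle

# Constructed policy 1: a whole module is allowed because it is assumed safe.
ALLOWED_MODULES = {"builtins"}

# Constructed policy 2: exact (module, name) pairs, each reviewed individually.
ALLOWED_NAMES = {("builtins", n) for n in ("range", "complex", "set", "frozenset")}

# Names a reviewer would probe for: callables that run code or reach files.
UNSAFE_PROBES = ("eval", "exec", "compile", "open", "__import__", "getattr")


class PermissiveUnpickler(pickle.Unpickler):
    """CWE-183: the allowlist admits every attribute of an allowed module."""

    def find_class(self, module, name):
        if module in ALLOWED_MODULES:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"{module}.{name} is not allowed")


class StrictUnpickler(pickle.Unpickler):
    """Corrected form: only the reviewed (module, name) pairs resolve."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_NAMES:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"{module}.{name} is not allowed")


def admitted_unsafe(unpickler_cls, module="builtins", probes=UNSAFE_PROBES):
    """Return the probe names the policy would resolve, without loading any data."""
    admitted = []
    for name in probes:
        try:
            unpickler_cls(io.BytesIO(b"")).find_class(module, name)
            admitted.append(name)
        except pickle.UnpicklingError:
            pass
    return admitted


if __name__ == "__main__":
    data = pickle.dumps(range(3))  # constructed benign input
    print("strict loads benign data:", StrictUnpickler(io.BytesIO(data)).load())
    print("permissive admits:", admitted_unsafe(PermissiveUnpickler))
    print("strict admits:", admitted_unsafe(StrictUnpickler))
```

Running `admitted_unsafe` over an allowlist as part of review or CI turns "the list is too permissive" into a concrete, testable finding.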

Applicable Platforms

Not Language-Specific
