CWE-610
Externally Controlled Reference to a Resource in Another Sphere
Description
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
Parent Weaknesses (ChildOf)
Common Consequences
Impact: Read Application Data, Modify Application Data
Impact: Gain Privileges or Assume Identity
Observed Examples
CVE-2022-3032: An email client does not block loading of remote objects in a nested document.
CVE-2022-45918: Chain: a learning management tool debugger uses external input to locate previous session logs (CWE-73) and does not properly validate the given path (CWE-20), allowing for filesystem path traversal using "../" sequences (CWE-24).
CVE-2018-1000613: Cryptography API uses unsafe reflection when deserializing a private key.
CVE-2020-11053: Chain: Go-based OAuth2 reverse proxy can send the authenticated user to another site at the end of the authentication flow. A redirect URL with HTML-encoded whitespace characters can bypass the validation (CWE-1289) to redirect to a malicious site (CWE-601).
CVE-2022-42745: Recruiter software allows reading arbitrary files using XXE.
CVE-2004-2331: Database system allows attackers to bypass sandbox restrictions by using the Reflection API.
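The description above states the weakness in general terms, and the observed examples show it through concrete CVEs. The following is an added example (not part of the CWE entry and not taken from any of the listed products) that puts the two most common patterns from the list side by side: an externally controlled file path (the CWE-73/CWE-24 chain) and an externally controlled redirect target (the CWE-601 case), each as a vulnerable check next to a hardened one. The common fix is the same in both: resolve the reference to what it will actually point at, then confirm that resolved target is inside the intended sphere. `ALLOWED_HOSTS`, the `/var/app/logs`-style roots and all function names are assumptions made for this example.

```python
# Added example, not part of the CWE-610 entry or of any project it cites.
# ALLOWED_HOSTS and the function names are assumptions for this illustration.
from pathlib import Path
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"app.example.com"}   # assumed: the only host we may redirect to


# --- 1. Externally controlled file reference (CWE-73 / CWE-24) --------------

def read_log_unsafe(doc_root: str, requested: str) -> bytes:
    """Vulnerable: the external name is joined onto the root and opened
    without checking where it resolves.  "../" sequences walk out of
    doc_root, and an absolute `requested` makes pathlib drop the root."""
    return (Path(doc_root) / requested).read_bytes()


def path_is_confined(doc_root: str, requested: str) -> bool:
    """True only if `requested`, after ".." and symlink resolution, still
    lies inside doc_root.  The check is on the canonical path, not on the
    string the caller supplied."""
    root = Path(doc_root).resolve()
    target = (root / requested).resolve()
    return target.is_relative_to(root)      # Path.is_relative_to: Python 3.9+


def read_log_safe(doc_root: str, requested: str) -> bytes:
    """Hardened reader: refuse anything that resolves outside the sphere."""
    if not path_is_confined(doc_root, requested):
        raise PermissionError(f"{requested!r} resolves outside {doc_root}")
    return (Path(doc_root).resolve() / requested).resolve().read_bytes()


# --- 2. Externally controlled redirect target (CWE-601) ---------------------

def redirect_allowed_unsafe(url: str) -> bool:
    """Vulnerable: a string-prefix test.  It accepts
    'https://app.example.com.evil.example/' and
    'https://app.example.com<TAB>@evil.example/' although a browser would
    send the user to evil.example in both cases."""
    return url.startswith("https://app.example.com")


def redirect_allowed_safe(url: str) -> bool:
    """Hardened: reject characters browsers strip or rewrite before parsing,
    then parse and compare the host component against an allow list, so the
    check sees the same destination the browser will."""
    # Tabs/newlines are stripped by browsers and backslash is treated as "/";
    # any of them lets a URL that "starts with" our host land elsewhere.
    if any(c.isspace() or ord(c) < 0x20 or c == "\\" for c in url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:                      # e.g. malformed IPv6 literal
        return False
    if parts.scheme != "https" or parts.username or parts.password:
        return False                        # userinfo tricks: host@evil
    return parts.hostname in ALLOWED_HOSTS  # "" scheme (//evil) fails above


if __name__ == "__main__":
    root = "/var/app/logs"                  # assumed log directory
    for req in ("2024/session.log", "../../etc/passwd", "/etc/passwd"):
        print(f"path {req!r:26} confined={path_is_confined(root, req)}")
    for u in ("https://app.example.com/home",
              "https://app.example.com.evil.example/",
              "https://app.example.com\t@evil.example/",
              "//evil.example/"):
        print(f"url {u!r:45} unsafe={redirect_allowed_unsafe(u)} "
              f"safe={redirect_allowed_safe(u)}")
```

The redirect checker deliberately rejects rather than normalizes: stripping the whitespace and then validating would reproduce the browser's behaviour, but it is easier to reason about a validator that refuses any input that could be parsed two ways.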
Applicable Platforms