logo

Database

Lack of data validation - Trust boundary violation

Description

The system mixes trusted and untrusted data in the same data structure or structured message.

Impact

Introduce data into critical data structures, which could lead to some types of injections.

Recommendation

- Prevent the use of untrusted data in critical data structures or structured messages.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 45 minutes.

Requirements

173 - Discard unsafe inputs320 - Avoid client-side control enforcement342 - Validate request parameters

Fixes

CsharpDartElixirGoJavaPhpPythonScalaTypescript

Score

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

Attack vector

N

Attack complexity

L

Attack requirements

N

Privileges required

L

User interaction

N

Confidentiality (VC)

N

Integrity (VI)

L

Availability (VA)

N

Confidentiality (SC)

N

Integrity (SI)

N

Availability (SA)

N

Threat 4.0

Exploit maturity

X

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N