Lack of data validation - Trust boundary violation | Fluid Attacks Database

Database

Description

The system mixes trusted and untrusted data in the same data structure or structured message.

Impact

Introduce data into critical data structures, which could lead to some types of injections.

Recommendation

- Prevent the use of untrusted data in critical data structures or structured messages.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 45 minutes.

Requirements

173 - Discard unsafe inputs 320 - Avoid client-side control enforcement 342 - Validate request parameters

Rules

Java Trust Boundary Violation Python Flask Uncontrolled Format String Python Django Uncontrolled Format String Python Tornado Uncontrolled Format String Kotlin Inclusion Of Insecure Functionality Python Fastapi Uncontrolled Format String Php Session Trust Boundary Violation Python Starlette Uncontrolled Format String Scala Inclusion Insecure Functionality

Fixes

Csharp Dart Go Java JavaScript/TypeScript Php Python Scala