
CWE-155 Improper Neutralization of Wildcards or Matching Symbols: vulnerability list (13)

Summary of the 13 CVEs associated with the CWE-155 weakness class (Improper Neutralization of Wildcards or Matching Symbols), with AI-generated Chinese analysis.

CWE-155 is an input validation weakness: the program fails to neutralize wildcard or matching symbols that arrive from an upstream component before passing them on. An attacker supplies such symbols (for example `%` and `_` in a SQL LIKE pattern, `*` and `?` in a glob, or `*` in an LDAP filter) so that the downstream component parses them as pattern syntax rather than literal data, producing unexpected matches, information disclosure, or a logic bypass. Note that binding the value as a query parameter does not address this class: the wildcard is interpreted by the pattern matcher, not the SQL parser, so the special characters must be escaped, or the input rejected, before they reach it. Developers should validate input against a strict allowlist and escape any remaining special characters so that hostile symbols are never interpreted as control syntax.

MITRE CWE official description
CWE-155 Improper Neutralization of Wildcards or Matching Symbols: the product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as wildcards or matching symbols when they are sent to a downstream component. As data is parsed, an injected element may cause the process to take unexpected actions.
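The description above, made concrete as an added example (this is illustration code written for this page, not code from MITRE or from any of the listed products). A user-supplied search term is bound as a parameter of a SQL LIKE query, so there is no SQL injection, yet `%` and `_` in the term are still interpreted by the LIKE matcher; the hardened version escapes them and declares the escape character with ESCAPE. The in-memory SQLite table, the user names and the prefix-search use case are constructed for the demo.

```python
"""Added example: CWE-155 in a SQL LIKE prefix search (vulnerable vs. hardened)."""
import sqlite3

# Constructed sample data for the demo; table and names are assumptions.
SAMPLE_USERS = ["alice", "bob", "carol_admin", "dave"]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [(u,) for u in SAMPLE_USERS])
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list[str]:
    """The term is a bound parameter (no SQL injection), but '%' and '_' inside
    it are still LIKE wildcards: a caller sending '%' matches every row."""
    rows = conn.execute(
        "SELECT name FROM users WHERE name LIKE ? ORDER BY name",
        (f"{term}%",),
    ).fetchall()
    return [r[0] for r in rows]


def escape_like(term: str, esc: str = "\\") -> str:
    """Neutralize LIKE matching symbols. The escape character itself is
    doubled first so that a user-supplied backslash cannot un-escape the
    '%' or '_' that follows it."""
    return (
        term.replace(esc, esc + esc)
        .replace("%", esc + "%")
        .replace("_", esc + "_")
    )


def search_hardened(conn: sqlite3.Connection, term: str) -> list[str]:
    """Same prefix search; user-controlled wildcards are escaped and the
    ESCAPE clause tells the matcher which character neutralizes them.
    The trailing '%' is the application's own wildcard and is added after
    escaping, so it remains a wildcard."""
    pattern = escape_like(term) + "%"
    rows = conn.execute(
        "SELECT name FROM users WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        (pattern,),
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    # '%' dumps the whole table in the vulnerable version; 'c_rol' matches
    # 'carol_admin' because '_' stands for any single character.
    for term in ["ali", "%", "carol_", "c_rol"]:
        print(f"{term!r:10} vulnerable={search_vulnerable(db, term)} "
              f"hardened={search_hardened(db, term)}")
```

Run it directly to see both code paths side by side. The order in `escape_like` matters: escape the escape character before the wildcards, otherwise an input such as `\%` would leave the matcher with an escaped backslash followed by a live `%`.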
Common consequences (1)
Integrity: Unexpected State
Mitigations (4)
1. Developers should anticipate that wildcard or matching elements will be injected/removed/manipulated in the input vectors of their product. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system.
2. Phase: Implementation. Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
3. Phase: Implementation. While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or whit…
4. Phase: Implementation. Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
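The four mitigations above as one validation layer, written as an added example for this page (not MITRE's or any vendor's code). A user-supplied file stem is decoded exactly once, canonicalized, checked against a strict allowlist, and, as defense in depth, has glob metacharacters escaped before the stem is handed to `fnmatch`, which stands in for the downstream pattern matcher. Double-encoded input is rejected rather than decoded again (CWE-174), and canonicalization happens before validation (CWE-180). The file listing, the allowlist and the `.*` extension wildcard are assumptions made for the demo.

```python
"""Added example: decode once, canonicalize, allowlist-validate, then escape
before a downstream glob matcher (fnmatch) sees the value."""
import fnmatch
import re
import unicodedata
from urllib.parse import unquote

# Allowlist for a file stem: letters, digits, '_' and '-', 1..64 characters.
# Deliberately excludes every fnmatch metacharacter (* ? [ ]).
ALLOWED_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")

# Constructed directory listing standing in for the downstream component's data.
SAMPLE_FILES = ["report.pdf", "report-2024.pdf", "secret.key", "notes.txt"]


class RejectedInput(ValueError):
    """Raised instead of 'cleaning' input that fails validation."""


def canonicalize(raw: str) -> str:
    """Percent-decode once and Unicode-normalize. If a second decode would
    change the value, the input was double-encoded: reject it (CWE-174)
    rather than decode again, which would re-introduce characters after
    the allowlist check."""
    decoded = unquote(raw)
    if unquote(decoded) != decoded:
        raise RejectedInput(f"double-encoded input: {raw!r}")
    # Normalize before validating (CWE-180) so the validator sees the same
    # form the downstream component will see.
    return unicodedata.normalize("NFKC", decoded)


def validate(raw: str) -> str:
    """Accept-known-good: anything outside the allowlist is rejected."""
    stem = canonicalize(raw)
    if not ALLOWED_RE.fullmatch(stem):
        raise RejectedInput(f"input outside allowlist: {stem!r}")
    return stem


def glob_escape(s: str) -> str:
    """Defense in depth: neutralize fnmatch matching symbols by wrapping
    each of * ? [ in a one-character class, so they match only themselves."""
    return re.sub(r"([*?\[])", r"[\1]", s)


def check(raw: str) -> str:
    """Classify an input as the validation layer would: 'ok' or the reason."""
    try:
        validate(raw)
        return "ok"
    except RejectedInput as e:
        return "rejected: " + str(e)


def find_file(raw_user_input: str, files=SAMPLE_FILES) -> list[str]:
    """Hardened lookup: validated stem, escaped, plus the app's own '.*' wildcard."""
    stem = validate(raw_user_input)
    pattern = glob_escape(stem) + ".*"
    return [f for f in files if fnmatch.fnmatchcase(f, pattern)]


def find_file_vulnerable(raw_user_input: str, files=SAMPLE_FILES) -> list[str]:
    """No validation, no escaping: a user-supplied '*' matches every file."""
    pattern = unquote(raw_user_input) + ".*"
    return [f for f in files if fnmatch.fnmatchcase(f, pattern)]


if __name__ == "__main__":
    for raw in ["report", "*", "%2A", "%252A"]:
        print(f"{raw!r:8} vulnerable={find_file_vulnerable(raw)} check={check(raw)}")
```

The hardened path rejects `*` whether it is sent raw or percent-encoded once (`%2A`), and rejects `%252A` as double-encoded instead of decoding it twice into `*`. `glob_escape` is only reached after validation has already excluded the metacharacters; it is there so that a later relaxation of the allowlist does not silently reopen the wildcard path.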
CVE ID | Title | Product | CVSS | Risk | Published
CVE-2025-11757 | CloudEdge App security vulnerability | CloudEdge App | 8.8 (AI) | High (AI) | 2025-10-21
CVE-2025-4232 | Palo Alto Networks GlobalProtect app on macOS security vulnerability | GlobalProtect App | 7.8 (AI) | High (AI) | 2025-06-12
CVE-2025-27515 | Laravel security vulnerability | framework | 6.5 | - | 2025-03-05
CVE-2025-0681 | New Rock Cloud Connected Devices security vulnerability | OM500 IP-PBX | 6.2 | Medium | 2025-01-30
CVE-2025-0106 | Palo Alto Networks Expedition security vulnerability | Cloud NGFW | 5.8 | - | 2025-01-11
CVE-2024-47791 | Ruijie Networks ReyeeOS security vulnerability | Reyee OS | 7.5 | High | 2024-12-06
CVE-2024-8688 | Palo Alto Networks PAN-OS security vulnerability | PAN-OS | 4.9 (AI) | Medium (AI) | 2024-09-11
CVE-2024-6509 | AXIS OS security vulnerability | AXIS OS | 6.5 | Medium | 2024-09-10
CVE-2024-0055 | AXIS OS security vulnerability | AXIS OS | 6.5 | Medium | 2024-03-19
CVE-2024-0054 | AXIS OS security vulnerability | AXIS OS | 6.5 | Medium | 2024-03-19
CVE-2022-21646 | Spice security vulnerability | spicedb | 8.1 | High | 2022-01-11
CVE-2020-1772 | OTRS information disclosure vulnerability | ((OTRS)) Community Edition | 6.5 | Medium | 2020-03-27
CVE-2019-3802 | Pivotal Software Spring Data JPA security vulnerability | Spring Data JPA | 5.3 | - | 2019-06-03
Values marked (AI) carry the source page's "AI" tag on the score and risk level; "-" means no risk level is given.

CWE-155 (Improper Neutralization of Wildcards or Matching Symbols) is a common weakness class; this platform lists 13 CVEs associated with it.