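CWE-159 Improper Sanitization of Special Elements: vulnerability list (10)

A summary of the 10 CVE vulnerabilities in the weakness class CWE-159 Improper Sanitization of Special Elements, with AI analysis in Chinese.

CWE-159 is an input validation flaw: the software does not correctly handle the invalid use of special elements in user input. Attackers commonly inject unfiltered special characters or symbols to interfere with the program's parsing logic, causing abnormal behavior or loss of data integrity. Developers should implement strict input validation, filtering, escaping or quoting special elements and accepting only data in the expected format, which effectively blocks potential attack paths and keeps the system stable and secure.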

MITRE CWE official description
CWE: CWE-159 Improper Handling of Invalid Use of Special Elements
English: The product does not properly filter, remove, quote, or otherwise manage the invalid use of special elements in user-controlled input, which could have an adverse effect on its behavior and integrity.
Common consequences (1)
Integrity: Unexpected State
Mitigations (4)
Developers should anticipate that special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system.
Implementation: Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Implementation: While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or whit…
Implementation: Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
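| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-35536 | Tornado security vulnerability — Tornado | 7.2 | High | 2026-04-03 |
| CVE-2026-2636 | Microsoft Windows security vulnerability — Windows OS | 5.5 | Medium | 2026-02-25 |
| CVE-2025-61984 | OpenSSH security vulnerability — OpenSSH | 3.6 | Low | 2025-10-06 |
| CVE-2025-52884 | RISC Zero Ethereum security vulnerability — risc0-ethereum | - | - AI | 2025-06-24 |
| CVE-2021-21707 | PHP security vulnerability — PHP | 5.3 | Medium | 2021-11-29 |
| CVE-2021-42375 | BusyBox security vulnerability — busybox | 5.5 | - | 2021-11-15 |
| CVE-2020-29022 | Secomea GateManager security vulnerability — GateManager | 5.3 | Medium | 2021-02-16 |
| CVE-2020-1653 | Juniper Networks Junos OS buffer error vulnerability — Junos OS | 7.5 | High | 2020-07-17 |
| CVE-2020-1648 | Juniper Networks Junos OS input validation error vulnerability — Junos OS | 7.5 | High | 2020-07-17 |
| CVE-2019-9505 | PrinterLogic Print Management security vulnerability — Management Software | 9.8 | - | 2019-05-08 |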

CWE-159 (Improper Sanitization of Special Elements) is a common weakness category; this platform lists 10 CVE vulnerabilities associated with it.