3 vulnerabilities classified as CWE-235 (Improper Handling of Extra Parameters). An AI-generated Chinese-language analysis is included.
CWE-235 describes a logic flaw in which software fails to handle duplicate or extra parameters, fields, or arguments correctly. The weakness typically arises when an application assumes each input key occurs exactly once, so that an attacker can create ambiguity by submitting several values for the same key (commonly called parameter pollution). Because different components may keep only the first value, only the last value, or all of them, validation applied to one copy can be silently bypassed by another, which can lead to security-control bypasses such as privilege escalation or injection. To mitigate the risk, developers should validate input rigorously, either rejecting requests that contain duplicate keys or defining explicitly which occurrence is used, and should apply the same rule consistently at every layer. Relying on frameworks that handle parameter binding safely and enforcing strict schema definitions ensures that extra parameters are either discarded or processed consistently, removing the ambiguity this weakness depends on.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-20083 | Cisco IOS XE Software security vulnerability — Cisco IOS XE Software | 6.5 | Medium | 2026-03-25 |
| CVE-2024-47651 | Parameter Pollution Vulnerability — Client Dashboard | 6.5 | - | 2024-10-04 |
| CVE-2017-20160 | flitto express-param fetchParams.js parameter pollution — express-param | 6.3 | Medium | 2022-12-31 |
Three CVEs are classified as CWE-235 (Improper Handling of Extra Parameters). The CWE taxonomy describes the weakness only; review the individual CVEs for product-specific impact.