目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1325

100%
请我们喝杯咖啡

CWE-94 对生成代码的控制不恰当(代码注入) 类漏洞列表 1450

CWE-94 对生成代码的控制不恰当(代码注入) 类弱点 1450 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-94 指代码注入漏洞,属于输入验证缺陷。攻击者通过向程序提供恶意构造的外部输入,利用未正确过滤的特殊字符或代码片段,篡改预期代码逻辑或注入可执行指令,从而劫持系统控制权。开发者应避免直接拼接用户输入,采用白名单验证机制,并使用参数化查询或沙箱环境隔离执行上下文,确保输入数据的合法性与安全性,从根本上阻断恶意代码的注入路径。

MITRE CWE 官方描述
CWE:CWE-94 代码生成控制不当('Code Injection') 英文:产品使用来自上游组件的外部影响输入来构建代码段的全部或部分内容,但未对可能修改预期代码段语法或行为的特殊元素进行中和,或中和不正确。
常见影响 (4)
Access ControlBypass Protection Mechanism
In some cases, injectable code controls authentication; this may lead to a remote vulnerability.
Access ControlGain Privileges or Assume Identity
Injected code can access resources that the attacker is directly prevented from accessing.
Integrity, Confidentiality, AvailabilityExecute Unauthorized Code or Commands
When a product allows a user's input to contain code syntax, it might be possible for an attacker to craft the code in such a way that it will alter the intended control flow of the product. As a result, code injection can often result in the execution of arbitrary code. Code injection attacks can…
Non-RepudiationHide Activities
Often the actions performed by injected control code are unlogged.
缓解措施 (5)
Architecture and DesignRefactor your program so that you do not have to dynamically generate code.
Architecture and DesignRun your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which code can be executed by your product. Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection. This may not be a feasible solution, and it only limits the impact to the operating s…
ImplementationAssume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
TestingUse dynamic tools and techniques that interact with the product using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The product's operation may slow down, but it should not become unstable, crash, or generate incorrect results.
OperationRun the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).
代码示例 (2)
This example attempts to write user messages to a message file and allow users to view them.
$MessageFile = "messages.out"; if ($_GET["action"] == "NewMessage") { $name = $_GET["name"]; $message = $_GET["message"]; $handle = fopen($MessageFile, "a+"); fwrite($handle, "<b>$name</b> says '$message'<hr>\n"); fclose($handle); echo "Message Saved!<p>\n"; } else if ($_GET["action"] == "ViewMessages") { include($MessageFile); }
Bad · PHP
name=h4x0r message=%3C?php%20system(%22/bin/ls%20-l%22);?%3E
Attack
edit-config.pl: This CGI script is used to modify settings in a configuration file.
use CGI qw(:standard); sub config_file_add_key { my ($fname, $key, $arg) = @_; # code to add a field/key to a file goes here } sub config_file_set_key { my ($fname, $key, $arg) = @_; # code to set key to a particular file goes here } sub config_file_delete_key { my ($fname, $key, $arg) = @_; # code to delete key from a particular file goes here } sub handleConfigAction { my ($fname, $action) = @_; my $key = param('key'); my $val = param('val'); # this is super-efficient code, especially if you have to invoke # any one of dozens of different functions! my $code = "config_file_$action_key(\$fnam
Bad · Perl
add_key(",","); system("/bin/ls");
Attack
CVE ID标题CVSS风险等级Published
CVE-2017-16020 Summit 安全漏洞 — summit node module 9.8 -2018-06-04
CVE-2017-16042 Growl 安全漏洞 — growl node module 9.8 -2018-06-04
CVE-2014-10065 remarkable 跨站脚本漏洞 — remarkable node module 6.1 -2018-05-31
CVE-2016-10546 PouchDB 安全漏洞 — pouchdb node module 9.8 -2018-05-31
CVE-2016-10548 reduce-css-calc node模块安全漏洞 — reduce-css-calc node module 6.1 -2018-05-31
CVE-2018-1273 Pivotal Software Spring Data Commons和Spring Data REST 输入验证错误漏洞 — Spring Framework 9.8 -2018-04-11
CVE-2018-1275 Pivotal Spring Framework 安全漏洞 — Spring Framework 9.8 -2018-04-11
CVE-2018-1270 Pivotal Software Spring Framework 代码注入漏洞 — Spring Framework 9.8 -2018-04-06
CVE-2017-1001002 Math.js JavaScript引擎安全漏洞 — math.js 9.8 -2017-11-27
CVE-2017-1001004 typed-function JavaScript引擎安全漏洞 — typed-function 8.8 -2017-11-27

CWE-94(对生成代码的控制不恰当(代码注入)) 是常见的弱点类别,本平台收录该类弱点关联的 1450 条 CVE 漏洞。