CWE-76

Improper Neutralization of Equivalent Special Elements

The product correctly neutralizes certain special elements, but it improperly neutralizes equivalent special elements.

Mitigation

Phase: Requirements

Description:

  • Choose programming languages and supporting technologies that are not subject to these issues.

Mitigation

Phase: Implementation

Description:

  • Utilize an appropriate mix of allowlist and denylist parsing to filter equivalent special element syntax from all input.
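
The following is an added example, not part of the CWE entry: it contrasts a filter that neutralizes one special element with a validator that mixes canonicalization, an allowlist and a denylist. The file-name policy, function names and sample inputs are assumptions constructed for illustration.

```python
import re
import unicodedata

# Allowlist: the only shape a name may take (hypothetical policy).
ALLOWED_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")
# Denylist applied on top of the allowlist: sequences that stay unwanted
# even though each character in them is individually allowed.
DENIED_SEQUENCES = ("..",)


def naive_filter(name: str) -> bool:
    """Weak check: neutralizes '/' only and ignores its equivalents."""
    return "/" not in name


def strict_filter(name: str) -> bool:
    """Canonicalize first, then apply the allowlist, then the denylist."""
    canonical = unicodedata.normalize("NFKC", name)
    if canonical != name:
        # Input was not in canonical form, e.g. a fullwidth look-alike.
        return False
    if not ALLOWED_NAME.fullmatch(canonical):
        return False
    return not any(seq in canonical for seq in DENIED_SEQUENCES)


# Constructed sample inputs: one benign name, the element the naive
# filter knows about, and three equivalents it does not know about.
SAMPLES = [
    "report-2024.csv",       # benign
    "reports/q1.csv",        # '/' itself
    "reports\\q1.csv",       # backslash separator
    "reports\uff0fq1.csv",   # U+FF0F, normalizes to '/' under NFKC
    "q1..csv",               # allowed characters, denied sequence
]


def compare(samples):
    """Return (input, naive verdict, strict verdict) for each sample."""
    return [(s, naive_filter(s), strict_filter(s)) for s in samples]


if __name__ == "__main__":
    for value, naive, strict in compare(SAMPLES):
        print(f"{value!r:28} naive={naive!s:5} strict={strict}")
```
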

No CAPEC attack patterns related to this CWE.
