CWE-914

Improper Control of Dynamically-Identified Variables

The product does not properly restrict reading from or writing to dynamically-identified variables.

Mitigation

Phase: Implementation

Strategy: Input Validation

Description:

  • For any externally-influenced input, check the input against an allowlist of internal program variables that are allowed to be modified.

Mitigation

Phases: Implementation, Architecture and Design

Strategy: Refactoring

Description:

  • Refactor the code so that internal program variables do not need to be dynamically identified.
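
Both mitigations side by side with the weakness they address, as an added example that is not part of the CWE entry. The `Account` class, its fields, the function names and the sample input are hypothetical and constructed for illustration.

```python
# Added example; class, field and function names are hypothetical.
from dataclasses import dataclass


@dataclass
class Account:
    display_name: str = ""
    email: str = ""
    is_admin: bool = False  # internal state, must never be settable by input


def update_unsafe(account, params):
    """CWE-914 pattern: the input's keys decide which variable is written."""
    for name, value in params.items():
        setattr(account, name, value)
    return account


# Allowlist: the only attributes external input may modify, with expected type.
EDITABLE_FIELDS = {"display_name": str, "email": str}


def update_allowlisted(account, params):
    """Input validation: check every key and type before any write happens."""
    rejected = sorted(k for k in params if k not in EDITABLE_FIELDS)
    if rejected:
        raise ValueError(f"fields not modifiable: {rejected}")
    for name, value in params.items():
        if not isinstance(value, EDITABLE_FIELDS[name]):
            raise TypeError(f"{name} must be {EDITABLE_FIELDS[name].__name__}")
    for name, value in params.items():
        setattr(account, name, value)
    return account


def update_refactored(account, params):
    """Refactoring: no dynamic lookup; each writable field is named in code."""
    if "display_name" in params:
        account.display_name = str(params["display_name"])
    if "email" in params:
        account.email = str(params["email"])
    return account


# Constructed sample input: a profile update carrying an extra internal field.
SAMPLE = {"display_name": "Pat", "is_admin": True}
```

The allowlisted version rejects the whole request before writing anything, so a partially applied update cannot leave the object in a mixed state.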

No CAPEC attack patterns related to this CWE.
