CWE-625

Permissive Regular Expression

The product uses a regular expression that does not sufficiently restrict the set of allowed values.

Mitigation

Phase: Implementation

Description:

  • When applicable, ensure that the regular expression anchors the pattern to the beginning and end of the string, such as "/^string$/" for Perl.
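
The effect of anchoring, as an added example that is not part of the CWE entry: a numeric-ID check written three ways and run over constructed inputs. It is in Python rather than Perl; the function names and sample values are assumptions. In both languages `$` also matches just before a trailing newline, so the strict form anchors with `\A...\Z` (the Perl equivalent is `\A...\z`).

```python
import re

# Hypothetical allow-list check for a numeric record ID (constructed example).
PERMISSIVE = re.compile(r"\d+")    # no anchors: any substring of digits satisfies it
ANCHORED = re.compile(r"^\d+$")    # anchored, but $ still matches before a final "\n"
STRICT = re.compile(r"\A\d+\Z")    # anchored to the true start and end of the string


def is_valid_permissive(value: str) -> bool:
    """The CWE-625 pattern: search() succeeds if digits appear anywhere."""
    return PERMISSIVE.search(value) is not None


def is_valid_anchored(value: str) -> bool:
    """The mitigation as written on the page: ^ and $ around the pattern."""
    return ANCHORED.search(value) is not None


def is_valid_strict(value: str) -> bool:
    """Anchors that do not tolerate a trailing newline."""
    return STRICT.search(value) is not None


# Constructed inputs: one valid ID and several values that should be rejected.
SAMPLES = ["12345", "12345; extra", "abc12345", "12345\n", "12345\nabc", ""]


def evaluate(samples=SAMPLES):
    """Return {input: (permissive, anchored, strict)} for each sample."""
    return {
        s: (is_valid_permissive(s), is_valid_anchored(s), is_valid_strict(s))
        for s in samples
    }


if __name__ == "__main__":
    print(f"{'input':<18}{'permissive':<12}{'anchored':<10}strict")
    for value, (p, a, s) in evaluate().items():
        print(f"{value!r:<18}{p!s:<12}{a!s:<10}{s}")
```
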

No CAPEC attack patterns related to this CWE.
