CWE-1395: Dependency on Vulnerable Third-Party Component

ClassIncomplete

The product has a dependency on a third-party component that contains one or more known vulnerabilities.

View on MITRE
Back to CWE Lookup

Extended Description

Many products are large enough or complex enough that part of their functionality uses libraries, modules, or other intellectual property developed by third parties who are not the product creator. For example, even an entire operating system might be from a third-party supplier in some hardware products. Whether open or closed source, these components may contain publicly known vulnerabilities that could be exploited by adversaries to compromise the product.

Technical Details

Structure
Simple

Applicable To

Languages
Not Language-Specific
Platforms
Not OS-Specific

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-1395

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references