The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.
View on MITRENo mitigation information available for this CWE.
No detection method information available for this CWE.
chain: bypass of untrusted deserialization issue (CWE-502) by using an assumed-trusted class (CWE-183)
View DetailsCI/CD pipeline feature has unsafe elements in allowlist, allowing bypass of script restrictions
View DetailsNo relationship information available for this CWE.
CWE-183: Permissive List of Allowed Inputs is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.
If exploited, CWE-183 (Permissive List of Allowed Inputs) it can compromise Access Control, leading to outcomes such as Bypass Protection Mechanism.
CWE-183 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
MITRE documents real CVEs mapped to CWE-183, including CVE-2019-12799, CVE-2019-10458, CVE-2017-1000095, CVE-2019-10458 and CVE-2017-1000095. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-183 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.