Description
View on MITREExtended Description
Strategy: Input Validation A product system should be reluctant to trust variables that have been initialized outside of its trust boundary. Ensure adequate checking (e.g. input validation) is performed when relying on input from outside a trust boundary.
Avoid any external control of variables. If necessary, restrict the variables that can be modified using an allowlist, and use a different namespace or naming convention if possible.
No detection method information available for this CWE.
No examples or observed CVEs available for this CWE.
CWE-454: CWE-454: External Initialization of Trusted Variables or Data Stores is a Common Weakness Enumeration (CWE) entry maintained by MITRE. Description Extended Description
If exploited, CWE-454 (CWE-454: External Initialization of Trusted Variables or Data Stores) it can compromise Modify Application Data, leading to outcomes such as Scope: Integrity An attacker could gain access to and modify sensitive data or system information..
Recommended mitigations for CWE-454 include: Strategy: Input Validation A product system should be reluctant to trust variables that have been initialized outside of its trust boundary. Ensure adequate checking (e.g. input validation) is performed when relying on input from outside a trust boundary. Avoid any external control of variables. If necessary, restrict the variables that can be modified using an allowlist, and use a different namespace or naming convention if possible.
CWE-454 commonly affects Languages. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
A CWE (Common Weakness Enumeration) like CWE-454 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.