CWE-494: Download of Code Without Integrity Check

BaseDraftExploit Likelihood: Medium

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

View on MITRE

Back to CWE Lookup

Extended Description

An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.

Technical Details

Structure: Simple

Applicable To

Languages

Not Language-Specific

Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-494

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references