CWE-625: Permissive Regular Expression

BaseDraft

The product uses a regular expression that does not sufficiently restrict the set of allowed values.

View on MITRE
Back to CWE Lookup

Extended Description

This effectively causes the regexp to accept substrings that match the pattern, which produces a partial comparison to the target. In some cases, this can lead to other weaknesses. Common errors include: not identifying the beginning and end of the target string using wildcards instead of acceptable character ranges others

Technical Details

Structure
Simple

Applicable To

Languages
PerlPHP
Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-625

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references