CWE-94: Improper Control of Generation of Code ('Code Injection')

Base | Draft | Exploit Likelihood: Medium | 🏆 #18 in Top 25 (2024)

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Related CVEs: 436
Severity Score: 11.72

Technical Details

Structure
Simple

Applicable To

Languages
Interpreted
Platforms

🏆 CWE Top 25 Historical Ranking

2023: #23 (Score: 3.30, 401 CVEs)
2024: #18 ↑5 (Score: 11.72, 436 CVEs)
Trend: Worsening (moved down 5 ranks)
