CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Variant | Incomplete | Exploit Likelihood: Medium

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

Technical Details

Structure
Simple

Applicable To

Languages
Java, JavaScript, Python, Perl, PHP, Ruby, Interpreted
Platforms
