Common Weakness Enumeration

CWE-755

Discouraged

Improper Handling of Exceptional Conditions

Abstraction: Class · Status: Incomplete

The product does not handle or incorrectly handles an exceptional condition.

685 vulnerabilities reference this CWE, most recent first.

GHSA-GPXJ-9PRG-35WW

Vulnerability from github – Published: 2023-08-31 18:30 – Updated: 2024-04-04 07:20
VLAI
Details

An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.

See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-31169"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-176",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-31T16:15:09Z",
    "severity": "MODERATE"
  },
  "details": "\nAn Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n",
  "id": "GHSA-gpxj-9prg-35ww",
  "modified": "2024-04-04T07:20:42Z",
  "published": "2023-08-31T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31169"
    },
    {
      "type": "WEB",
      "url": "https://selinc.com/support/security-notifications/external-reports"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/blog"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQH7-2V33-8JC4

Vulnerability from github – Published: 2022-10-07 18:15 – Updated: 2022-10-11 19:00
VLAI
Details

Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-39872"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-07T15:15:00Z",
    "severity": "LOW"
  },
  "details": "Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device.",
  "id": "GHSA-gqh7-2v33-8jc4",
  "modified": "2022-10-11T19:00:28Z",
  "published": "2022-10-07T18:15:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39872"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GR7G-5RVJ-CF96

Vulnerability from github – Published: 2023-02-24 12:31 – Updated: 2026-05-18 15:30
VLAI
Details

Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-4105"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-24T12:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727.",
  "id": "GHSA-gr7g-5rvj-cf96",
  "modified": "2026-05-18T15:30:31Z",
  "published": "2023-02-24T12:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4105"
    },
    {
      "type": "WEB",
      "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0108"
    },
    {
      "type": "WEB",
      "url": "https://www.usom.gov.tr/bildirim/tr-23-0108"
    },
    {
      "type": "WEB",
      "url": "http://blog.coslat.com/2021/07/onemli-kritik-guncelleme-2021-07-27.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GRGV-CRGM-X8P9

Vulnerability from github – Published: 2021-12-18 00:00 – Updated: 2023-08-08 15:31
VLAI
Details

In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687781.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0679"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-17T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687781.",
  "id": "GHSA-grgv-crgm-x8p9",
  "modified": "2023-08-08T15:31:25Z",
  "published": "2021-12-18T00:00:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0679"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/December-2021"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GV2F-VXWC-XP58

Vulnerability from github – Published: 2022-06-08 00:00 – Updated: 2022-06-12 00:00
VLAI
Details

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-30725"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-07T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.",
  "id": "GHSA-gv2f-vxwc-xp58",
  "modified": "2022-06-12T00:00:46Z",
  "published": "2022-06-08T00:00:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30725"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GW2X-Q739-QHCR

Vulnerability from github – Published: 2026-01-07 18:36 – Updated: 2026-01-07 21:34
VLAI
Summary
RustFS gRPC GetMetrics deserialization panic enables remote DoS
Details

Summary

A malformed gRPC GetMetrics request causes get_metrics to unwrap() failed deserialization of metric_type/opts, panicking the handler thread and enabling remote denial of service of the metrics endpoint.

Details

  • Vulnerable code: rustfs/src/storage/tonic_service.rs:1775-1782:
  • MetricType and CollectMetricsOpts are deserialized with Deserialize::deserialize(...).unwrap() from client-supplied bytes.
  • Malformed metric_type/opts (e.g., empty or truncated rmp-serde payloads) trigger InvalidMarkerRead and panic.
  • Reachability: same TCP listener as S3 (default :9000); only a static interceptor token authorization: rustfs rpc is checked in server/http.rs:677.
  • Impact scope: panic terminates the worker handling the request, causing metrics service interruption and potential process instability.

PoC

rustfs-grpc-metrics-invalid-metric-type-panic-poc.tar.gz

1) Start RustFS (example local dev):

mkdir -p /tmp/rustfs-data1 /tmp/rustfs-data2
RUSTFS_ACCESS_KEY=devadmin RUSTFS_SECRET_KEY=devadmin \
  cargo run --bin rustfs -- --address 0.0.0.0:9000 \
  /tmp/rustfs-data1 /tmp/rustfs-data2

2) From rustfs-grpc-metrics-invalid-metric-type-panic-poc/, run:

ENDPOINT=127.0.0.1:9000 make run
# or: grpcurl -plaintext \
#   -H 'authorization: rustfs rpc' \
#   -import-path ../crates/protos/src -proto node.proto \
#   -d '{"metric_type":"","opts":""}' \
#   127.0.0.1:9000 node_service.NodeService/GetMetrics

3) Observe panic in server logs at tonic_service.rs:get_metrics with InvalidMarkerRead and worker crash; client output saved to poc-response.txt/poc-grpcurl.log.

Impact

  • Vulnerability type: remote unauthenticated (static token) denial of service via panic in gRPC handler.
  • Who is impacted: any deployment exposing the gRPC endpoint where an attacker can reach port 9000 and supply the known authorization: rustfs rpc header; metrics service is disrupted and may affect overall stability depending on runtime crash handling.
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.0.0-alpha.77"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "rustfs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0-alpha.13"
            },
            {
              "fixed": "1.0.0-alpha.78"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-69255"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-07T18:36:23Z",
    "nvd_published_at": "2026-01-07T21:16:00Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nA malformed gRPC `GetMetrics` request causes `get_metrics` to `unwrap()` failed deserialization of `metric_type`/`opts`, panicking the handler thread and enabling remote denial of service of the metrics endpoint.\n\n### Details\n- Vulnerable code: `rustfs/src/storage/tonic_service.rs:1775-1782`:\n  - `MetricType` and `CollectMetricsOpts` are deserialized with `Deserialize::deserialize(...).unwrap()` from client-supplied bytes.\n  - Malformed `metric_type`/`opts` (e.g., empty or truncated rmp-serde payloads) trigger `InvalidMarkerRead` and panic.\n- Reachability: same TCP listener as S3 (default `:9000`); only a static interceptor token `authorization: rustfs rpc` is checked in `server/http.rs:677`.\n- Impact scope: panic terminates the worker handling the request, causing metrics service interruption and potential process instability.\n\n### PoC\n\n[rustfs-grpc-metrics-invalid-metric-type-panic-poc.tar.gz](https://github.com/user-attachments/files/24038341/rustfs-grpc-metrics-invalid-metric-type-panic-poc.tar.gz)\n\n\n1) Start RustFS (example local dev):\n```bash\nmkdir -p /tmp/rustfs-data1 /tmp/rustfs-data2\nRUSTFS_ACCESS_KEY=devadmin RUSTFS_SECRET_KEY=devadmin \\\n  cargo run --bin rustfs -- --address 0.0.0.0:9000 \\\n  /tmp/rustfs-data1 /tmp/rustfs-data2\n```\n2) From `rustfs-grpc-metrics-invalid-metric-type-panic-poc/`, run:\n```bash\nENDPOINT=127.0.0.1:9000 make run\n# or: grpcurl -plaintext \\\n#   -H \u0027authorization: rustfs rpc\u0027 \\\n#   -import-path ../crates/protos/src -proto node.proto \\\n#   -d \u0027{\"metric_type\":\"\",\"opts\":\"\"}\u0027 \\\n#   127.0.0.1:9000 node_service.NodeService/GetMetrics\n```\n3) Observe panic in server logs at `tonic_service.rs:get_metrics` with `InvalidMarkerRead` and worker crash; client output saved to `poc-response.txt`/`poc-grpcurl.log`.\n\n### Impact\n- Vulnerability type: remote unauthenticated (static token) denial of service via panic in gRPC handler.\n- Who is impacted: any deployment exposing the gRPC endpoint where an attacker can reach port 9000 and supply the known `authorization: rustfs rpc` header; metrics service is disrupted and may affect overall stability depending on runtime crash handling.",
  "id": "GHSA-gw2x-q739-qhcr",
  "modified": "2026-01-07T21:34:37Z",
  "published": "2026-01-07T18:36:23Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rustfs/rustfs/security/advisories/GHSA-gw2x-q739-qhcr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69255"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rustfs/rustfs/commit/eb33e82b56ed11fd12bb39416359d8d60737dc7a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rustfs/rustfs"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "RustFS gRPC GetMetrics deserialization panic enables remote DoS"
}

GHSA-GW32-CJFH-W92V

Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-07-13 00:01
VLAI
Details

There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft the specific packet. Successful exploit may cause some services abnormal. Affected product versions include:CloudEngine 12800 V200R005C00SPC800, CloudEngine 5800 V200R005C00SPC800, CloudEngine 6800 V200R005C00SPC800, CloudEngine 7800 V200R005C00SPC800.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22328"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-23T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft the specific packet. Successful exploit may cause some services abnormal. Affected product versions include:CloudEngine 12800 V200R005C00SPC800, CloudEngine 5800 V200R005C00SPC800, CloudEngine 6800 V200R005C00SPC800, CloudEngine 7800 V200R005C00SPC800.",
  "id": "GHSA-gw32-cjfh-w92v",
  "modified": "2022-07-13T00:01:09Z",
  "published": "2022-05-24T19:11:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22328"
    },
    {
      "type": "WEB",
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-dos-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GX49-H5R3-Q3XJ

Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-05-24 19:09
VLAI
Details

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-32066"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-01T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a \"StartTLS stripping attack.\"",
  "id": "GHSA-gx49-h5r3-q3xj",
  "modified": "2022-05-24T19:09:28Z",
  "published": "2022-05-24T19:09:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32066"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1178562"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202401-27"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210902-0004"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H27G-G76X-XQPW

Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2022-05-24 16:45
VLAI
Details

C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-3552"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-06T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.",
  "id": "GHSA-h27g-g76x-xqpw",
  "modified": "2022-05-24T16:45:14Z",
  "published": "2022-05-24T16:45:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3552"
    },
    {
      "type": "WEB",
      "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108279"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-H3FX-MX5W-CWRX

Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-05-24 17:26
VLAI
Details

A vulnerability in the Protocol Independent Multicast (PIM) feature for IPv6 networks (PIM6) of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper error handling when processing inbound PIM6 packets. An attacker could exploit this vulnerability by sending multiple crafted PIM6 packets to an affected device. A successful exploit could allow the attacker to cause the PIM6 application to leak system memory. Over time, this memory leak could cause the PIM6 application to stop processing legitimate PIM6 traffic, leading to a DoS condition on the affected device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-3338"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-27T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the Protocol Independent Multicast (PIM) feature for IPv6 networks (PIM6) of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper error handling when processing inbound PIM6 packets. An attacker could exploit this vulnerability by sending multiple crafted PIM6 packets to an affected device. A successful exploit could allow the attacker to cause the PIM6 application to leak system memory. Over time, this memory leak could cause the PIM6 application to stop processing legitimate PIM6 traffic, leading to a DoS condition on the affected device.",
  "id": "GHSA-h3fx-mx5w-cwrx",
  "modified": "2022-05-24T17:26:51Z",
  "published": "2022-05-24T17:26:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3338"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-pim-memleak-dos-tC8eP7uw"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.