Home / Vulnerability Database / C-sharp : External CDN usage

C-sharp : External CDN usage

Classification

OWASP Top 10 2021

A8-Software and Data Integrity Failures

PCI DSS 4.0

4.2.1 6.2.4

CWE

CWE-94

Overview

The application uses an external CDN for providing client code. This may lead to malicious code execution in case the CDN is compromised.

Interpretation and execution of the data from an untrusted source at runtime allows an attacker to execute malicious code in the context of the application. Code injection vulnerabilities occur when a developer mistakenly believes that the user will enter only “harmless” instructions. In reality, unvalidated user instructions may be dangerous.

References

CWE-94: Improper Control of Generation of Code (‘Code Injection’)
OWASP Top 10 2013-A1-Injection

LOW

C-sharp : External CDN usage

Classification

Overview

References

DerScanner Severity Score

Do you want to fix C-sharp : External CDN usage in your application?

See also

C-sharp : JWT: None Algorithm

C-sharp : Insecure data transmission: Database

C-sharp : Only one of method Equals() and GetHashCode() defined