format-string-injection
format-string-injection
Externally controlled data influences a format string. This can allow an attacker to leak information from memory or trigger memory corruption. Format strings should be constant strings to prevent these issues. If you need to print a user-controlled string then you can use
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-134: Use of Externally-Controlled Format String
%s.Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-134: Use of Externally-Controlled Format String