CWE-494

Download of Code Without Integrity Check

Description

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

Extended Description

An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.

Diagram

Source: MITRE CWE™ — CWE-494