CWE-20 Improper Input Validation (mangadex-downloader)
The primary objective in programming is to devise a solution for a specific problem. However, while the solution may address the problem at hand, it is critical to acknowledge the possibility of overlooked security vulnerabilities. One significant source of these potential security issues, including unauthorized access to sensitive information, is Improper Input Validation. Improper Input Validation occurs when a program fails to adequately verify the inputs it receives.
Common Weakness Enumerations (CWEs)
Software Project
MangaDex Downloader is a free-to-use tool designed to download manga from the MangaDex repository. Users can specify one or more links to specific manga for download onto their local machines.
Common Vulnerabilities and Exposures (CVEs)
In versions 1.3.0 through 1.7.1 of MangaDex Downloader, when the file:<location> command is issued with <location> being a web URL (http, https), the tool mistakenly attempts to open and read a local disk file for each line of content from the specified website. This issue has been resolved in version 1.7.2 through a patch.
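The flaw described above, reduced to an added Python sketch (this is not mangadex-downloader's own code; the function names, the allowed-host set and the sample data are assumptions). The first function lets a line of web content select a local file to read; the second only validates remote lines as URLs.

```python
import os
import tempfile
from urllib.parse import urlsplit

# Assumption for this sketch: the only hosts a list entry may point to.
ALLOWED_HOSTS = {"mangadex.org", "www.mangadex.org"}


def _lines(text):
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def resolve_lines_unsafe(remote_text):
    """Flawed pattern: content fetched from the web picks a local file to read."""
    out = []
    for line in _lines(remote_text):
        if os.path.isfile(line):  # remote data is trusted as a filesystem path
            with open(line, encoding="utf-8") as fh:
                out.extend(_lines(fh.read()))
        else:
            out.append(line)
    return out


def resolve_lines_safe(remote_text):
    """Hardened: remote lines are validated as URLs and never passed to open()."""
    accepted, rejected = [], []
    for line in _lines(remote_text):
        try:
            parts = urlsplit(line)
            ok = parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            ok = False
        (accepted if ok else rejected).append(line)
    return accepted, rejected


def demo():
    # Constructed sample data: a temp file stands in for a sensitive local file.
    with tempfile.TemporaryDirectory() as tmp:
        local = os.path.join(tmp, "notes.txt")
        with open(local, "w", encoding="utf-8") as fh:
            fh.write("local-only-content\n")
        url = "https://mangadex.org/title/00000000-0000-0000-0000-000000000000"
        remote = url + "\n" + local + "\n"
        return resolve_lines_unsafe(remote), resolve_lines_safe(remote), local, url
```

Rejected lines are worth logging: a remote list that contains filesystem paths is a signal that the source is untrusted or has been tampered with.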
References
- Author’s Explanation. If the linked reference is down, you may access the archived version via its web archive.
Replication