Currently, CWE-1007 is a child of UI misrepresentation. However, source code 
can be maliciously injected using bidi and Unicode homoglyphs as well (see and and the examples under Would it be 
appropriate to modify CWE-1007 so that it doesn’t just apply to reflected 
Unicode attacks against a user, or would it be more appropriate to create a new 
CWE as a child of CWE-506 to reflect injecting source code using Unicode 


Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to