CVEbaza.plCWE DictionaryCWE-237
Common Weakness Enumeration

CWE-237

Improper Handling of Structural Elements

Category: BaseCVE: 4
Description

The product does not handle or incorrectly handles inputs that are related to complex structures.

CVE vulnerabilities with CWE-237 (4)
9.8
CVSS
CRITICAL
CVE-2026-45411

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield* expression inside an async generator. When the generator is closed using the return function, the value is awaited on and exceptions thrown in the then call will be caught by the runtime and passed to the yield* iterator as the next value. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This vulnerability is fixed in 3.11.3.

pub. 2026-05-13
7.5
CVSS
HIGH
CVE-2023-34429

Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token.

pub. 2023-07-19
5.5
CVSS
MEDIUM
CVE-2023-6110

A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials.

pub. 2024-11-17
3.3
CVSS
LOW
CVE-2025-24336

SXF Common Library handles input data improperly. If a product using the library reads a crafted file, the product may be crashed.

pub. 2025-01-31
Information
ID: CWE-237
Type: Base
Vulnerabilities: 4
MITRE CWE ↗
← CWE Dictionary
CWE-237 — Improper Handling of Structural Elements | CWE Dictionary | CVEbaza.pl