forked from aquasecurity/vuln-list
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCWE-1049.json
27 lines (27 loc) · 955 Bytes
/
CWE-1049.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
{
"ID": 1049,
"Name": "Excessive Data Query Operations in a Large Data Table",
"Description": "The product performs a data query with a large number of joins\n\t\t\t\t\tand sub-queries on a large data table.",
"PotentialMitigations": {
"Mitigation": null
},
"RelatedAttackPatterns": {
"RelatedAttackPattern": null
},
"CommonConsequences": {
"Consequence": [
{
"Scope": [
"Other"
],
"Impact": [
"Reduce Performance"
]
}
]
},
"ExtendedDescription": [
"This issue can make the product perform more slowly. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.",
"While the interpretation of \"large data table\" and \"large number of joins or sub-queries\" may vary for each product or developer, CISQ recommends a default of 1 million rows for a \"large\" data table, a default minimum of 5 joins, and a default minimum of 3 sub-queries."
]
}