CWE-494 advisories

Download of Code Without Integrity Check

What it is

Code or updates are downloaded and executed without verifying their integrity, so a download that was tampered with runs as trusted code.

How to fix it

Upgrade affected components, and verify signatures or hashes of downloaded code before executing it.

How to avoid it

Pin versions and verify cryptographic signatures on all fetched code.
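The fix and avoidance guidance above (pin the version, check the digest, only then hand the bytes on) as an added Python example that is not part of this page or of Stateward's tooling. The artifact, the "remote" store and the manifest are constructed stand-ins, and the tampered fetcher only simulates a modified download so the check can be seen refusing it.

```python
import hashlib
import hmac
from typing import Callable, Mapping, Tuple

Fetcher = Callable[[str, str], bytes]
Manifest = Mapping[Tuple[str, str], str]

class IntegrityError(Exception):
    """Raised when a download is not pinned or does not match its pinned digest."""

# Constructed stand-ins: a "remote" artifact store and the manifest the installer ships with.
# The manifest (or a detached signature) must reach the client over a channel that is
# separate from the download itself; if both come from one place they can be swapped together.
FAKE_REMOTE = {
    ("helper-tool", "1.2.0"): b"#!/bin/sh\necho 'helper-tool 1.2.0'\n",
}
PINNED_MANIFEST: Manifest = {
    key: hashlib.sha256(blob).hexdigest() for key, blob in FAKE_REMOTE.items()
}

def honest_fetch(name: str, version: str) -> bytes:
    """Returns the artifact exactly as published."""
    return FAKE_REMOTE[(name, version)]

def tampered_fetch(name: str, version: str) -> bytes:
    """Returns an altered artifact, standing in for a download modified in transit or at rest."""
    return FAKE_REMOTE[(name, version)].replace(b"1.2.0", b"1.2.0 (modified)")

def unsafe_fetch(name: str, version: str, fetch: Fetcher) -> bytes:
    """The CWE-494 pattern: whatever the fetch returns is handed straight to the caller."""
    return fetch(name, version)

def verified_fetch(name: str, version: str, fetch: Fetcher, manifest: Manifest) -> bytes:
    """Hardened pattern: refuse unpinned versions and any byte-for-byte mismatch."""
    expected = manifest.get((name, version))
    if expected is None:
        raise IntegrityError(f"{name} {version} is not pinned; refusing to install")
    data = fetch(name, version)
    actual = hashlib.sha256(data).hexdigest()
    # compare_digest keeps the comparison time independent of where the digests differ.
    if not hmac.compare_digest(actual, expected):
        raise IntegrityError(f"{name} {version}: sha256 {actual} != pinned {expected}")
    return data

def rejects(name: str, version: str, fetch: Fetcher, manifest: Manifest) -> bool:
    try:
        verified_fetch(name, version, fetch, manifest)
    except IntegrityError:
        return True
    return False
```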

Known Download of Code Without Integrity Check vulnerabilities

Stateward flags Download of Code Without Integrity Check in your own code and dependencies on every pull request.


Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.