Untrusted data in security decision Critical

Security decisions should not depend on branching that can be influenced by untrusted or client-provided data. For example, using a client-provided session ID (instead of a server-provided ID) in a conditional statement might allow an attacker to search for IDs of active sessions.

Detector ID
typescript/untrusted-data-in-decision@v1.0
Category
Common Weakness Enumeration (CWE)
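
A noncompliant and a compliant check side by side, as an added example that is not part of the original detector page. The `Req` shape, the function names, and the session values are constructed assumptions, not a real framework API.

```typescript
// Added example: the Req shape and all names are assumptions, not a framework API.
interface Session { id: string; userId: string; isAdmin: boolean }
interface Req {
  query: Record<string, string>; // client-controlled input
  session?: Session;             // attached only by server-side session middleware
}

// Constructed sample data: sessions the server currently treats as active.
// Real session IDs are long random values; these are shortened for readability.
const adminSession: Session = { id: "s-1001", userId: "alice", isAdmin: true };
const activeSessions = new Map<string, Session>([
  [adminSession.id, adminSession],
  ["s-1002", { id: "s-1002", userId: "bob", isAdmin: false }],
]);

// Noncompliant: the branch is driven by a session ID read from the query
// string. Any caller who supplies an active ID passes the check, and the
// differing result reveals whether a given ID is active.
function canDeleteUserUnsafe(req: Req): boolean {
  const claimed = activeSessions.get(req.query["sessionId"] ?? "");
  if (claimed && claimed.isAdmin) {
    return true;
  }
  return false;
}

// Compliant: the decision reads only state the server attached to the request
// after authenticating it. Client-supplied fields never reach the condition.
function canDeleteUser(req: Req): boolean {
  const s = req.session;
  if (!s) return false;
  const current = activeSessions.get(s.id); // re-check in case of revocation
  return current !== undefined && current.userId === s.userId && current.isAdmin;
}

// Constructed requests: a caller with no server session that supplies an ID
// it does not own, and an admin whose session was set by the middleware.
const forged: Req = { query: { sessionId: "s-1001" } };
const genuine: Req = { query: {}, session: adminSession };

console.log(canDeleteUserUnsafe(forged), canDeleteUser(forged), canDeleteUser(genuine));
```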