SiteShadow
Back to vulnerability library
Detected byCWE-aware static analysisPro

CWE-400 Uncontrolled Resource Consumption

Coverage: 15 rules in the SiteShadow rule registry target this CWE (registry v2.0.0). Regex 3Other-pattern 12 Also: Taint and heuristic analyzers may also detect related flows (see coverage for the authoritative list) Registry tagging shows intent, for sample-level behaviour and benchmarked gaps see known gaps.

What this means

SiteShadow flagged code where untrusted input can cause excessive CPU, memory, disk, or network usage (unbounded loops, huge payloads, expensive regex, uncontrolled concurrency).

Why it matters

Resource exhaustion can cause denial of service.

Safer examples

1) Enforce request and payload limits

Add max request body sizes, max file sizes, and max list lengths (see INPUT01/02).

2) Add timeouts and backpressure

3) Add rate limits and quotas

Use per-IP/per-user throttling and quotas (see RATE01/02).

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this with SiteShadow Pro.

This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.