Description:
In the List of Mapped CWEs section, CWE-201 is listed as:
"Exposure of Sensitive Information Through Sent Data"
However, the official name as defined by the CWE dictionary is:
"Insertion of Sensitive Information Into Sent Data"
Reference: https://cwe.mitre.org/data/definitions/201.html
Why It Matters:
The List of Mapped CWEs section is meant to be a precise technical reference that maps directly to the official CWE catalog. Using an incorrect name can cause confusion for developers and security practitioners who cross-reference with the official CWE documentation.
Steps to Reproduce:
- Navigate to https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/
- Scroll down to the List of Mapped CWEs section
- Observe the name listed for CWE-201
Expected Behavior:
CWE-201 should be listed as:
"Insertion of Sensitive Information Into Sent Data"
Actual Behavior:
CWE-201 is listed as:
"Exposure of Sensitive Information Through Sent Data"
Proposed Fix:
Update the CWE-201 entry name to match the official CWE name.
I am willing to submit a PR for this fix. 🙂