The product uses a regular expression that does not sufficiently restrict the set of allowed values.
When applicable, ensure that the regular expression anchors both the beginning and the end of the string, such as "/^string$/" for Perl.
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.).
CVE-2021-22204 - Chain: regex in EXIF processor code does not correctly determine where a string ends (CWE-625), enabling eval injection (CWE-95), as exploited in the wild per CISA KEV.
CVE-2006-1895 - ".*" regexp leads to static code injection.
CVE-2002-2175 - Insertion of username into regexp results in partial comparison, causing the wrong database entry to be updated when one username is a substring of another.
CVE-2006-4527 - Regexp intended to verify that all characters are legal only checks that at least one is legal, enabling file inclusion.
CVE-2005-1949 - Regexp for IP address isn't anchored at the end, allowing appending of shell metacharacters.
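The three permissive-pattern shapes described above (unanchored match, "at least one legal character" instead of "all characters legal", and a pattern built from untrusted input) side by side with their corrected forms, as an added Python example that is not part of the CWE entry. The sample values and the function names are constructed for this illustration; the validators use only the standard `re` module. The example also shows a caveat the mitigation text does not spell out: in Python (and Perl), `$` also matches just before a trailing newline, so `re.fullmatch` (or `\z` in Perl) is the strict form.

```python
import re

# Constructed sample inputs for this example (not taken from the CWE entry),
# mapped to whether a correct IP-address validator should accept them.
IP_SAMPLES = {
    "10.0.0.1": True,        # clean value
    "10.0.0.1; id": False,   # appended shell metacharacters (the CVE-2005-1949 shape)
    "junk 10.0.0.1": False,  # leading content before the address
    "10.0.0.1\n": False,     # trailing newline
}

IP_PATTERN = r"\d{1,3}(?:\.\d{1,3}){3}"


def permissive_ip(value: str) -> bool:
    # Unanchored search: accepts any string that merely *contains* an IP-like run.
    return re.search(IP_PATTERN, value) is not None


def dollar_anchored_ip(value: str) -> bool:
    # '^...$' rejects leading/trailing garbage, but in Python '$' also matches
    # just before a final newline, so "10.0.0.1" followed by "\n" still passes.
    # Perl's '$' behaves the same way; '\z' there is the strict end-of-string anchor.
    return re.match("^" + IP_PATTERN + "$", value) is not None


def strict_ip(value: str) -> bool:
    # re.fullmatch requires the pattern to consume the entire value, newline included.
    return re.fullmatch(IP_PATTERN, value) is not None


def audit_ip_checkers() -> dict:
    # Count, per checker, how many constructed samples it classifies correctly.
    checkers = {
        "permissive": permissive_ip,
        "dollar_anchored": dollar_anchored_ip,
        "strict": strict_ip,
    }
    return {
        name: sum(fn(v) == expected for v, expected in IP_SAMPLES.items())
        for name, fn in checkers.items()
    }


ALLOWED_CHAR = r"[A-Za-z0-9_-]"


def permissive_charset(value: str) -> bool:
    # Only verifies that at least one legal character appears somewhere
    # (the CVE-2006-4527 shape): "../etc" passes because it contains letters.
    return re.search(ALLOWED_CHAR, value) is not None


def strict_charset(value: str) -> bool:
    # Every character must come from the allowed set, and the value must be non-empty.
    return re.fullmatch(ALLOWED_CHAR + "+", value) is not None


def permissive_user_match(stored_user: str, requested_user: str) -> bool:
    # Pattern built directly from input and searched rather than matched:
    # "bob" matches "bobby" (the CVE-2002-2175 shape), and regex metacharacters
    # in the input are interpreted instead of compared literally.
    return re.search(requested_user, stored_user) is not None


def strict_user_match(stored_user: str, requested_user: str) -> bool:
    # Escape the input so it is treated literally, and require a full match.
    # (For a plain equality check, `stored_user == requested_user` is simpler still.)
    return re.fullmatch(re.escape(requested_user), stored_user) is not None


if __name__ == "__main__":
    for name, correct in audit_ip_checkers().items():
        print(f"{name:16s} {correct}/{len(IP_SAMPLES)} samples classified correctly")
    print("permissive_charset('../etc')  ->", permissive_charset("../etc"))
    print("strict_charset('../etc')      ->", strict_charset("../etc"))
    print("permissive_user_match(bobby, bob) ->", permissive_user_match("bobby", "bob"))
    print("strict_user_match(bobby, bob)     ->", strict_user_match("bobby", "bob"))
```

Running the audit shows the permissive checker getting only the clean value right, the `^...$` version missing the trailing-newline case, and `fullmatch` classifying all four samples correctly; a unit test that feeds each validator both clean and padded inputs is the cheapest way to catch this weakness before a SAST pass does.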