Description
The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the original developer.
Potential Impact
- Scope: Other
- Impact: Reduce Maintainability, Varies by Context
Detection Methods
- Automated Static Analysis (effectiveness: High) — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2025-40906 | Perl module for BSON serialization includes a component that reached end-of-life approximately five years previously, but has multiple vulnerabilities. |
| CVE-2024-35252 | Closed-source cloud storage product includes an unmaintained third-party component that allows denial of service. |
Frequently Asked Questions
What is CWE-1104?
CWE-1104 (Use of Unmaintained Third Party Components) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the original developer.
How can CWE-1104 be exploited?
Attackers can exploit CWE-1104 (Use of Unmaintained Third Party Components) to reduce maintainability; the impact varies by context. This weakness is typically introduced during the Architecture and Design phase of software development.
How do I prevent CWE-1104?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-1104?
CWE-1104 is classified as a Base-level weakness (Medium abstraction). It has been observed in 2 real-world CVEs.