shared × unstructured — bad data written permanently, and it spreads
Schema Drift / Mixed-Version Write
Two deployed versions share one store with no schema contract, so one writes what the other can't read.
01 the recipe
In the wild
compound of: File & Network Access × Unconstrained Inputs · CWE-20 Input Validation · compound: CWE-345 Unverified Authenticity
example.py

```python
# SMELL: two deployed versions share one store, no schema contract.
# (file/network access x unconstrained inputs)
record = {}
# during a rolling deploy:
record["amount"] = 1050   # v1 writes cents (int)
record["amount"] = 10.50  # v2 writes dollars (float) -- same field
# readers can no longer tell which; the ledger is now corrupt.

# RIGHT: version the payload and validate on read.
READER_SCHEMA = 2  # the one payload version this reader understands
record = {"schema": 2, "amount_cents": 1050}
assert record["schema"] == READER_SCHEMA  # refuse mixed-version data
```

Two versions out of lockstep (shared) writing a field with no contract (unstructured) silently poison the store. Nothing crashes; the data just means two things at once.
// observed
drift: amount means cents OR dollars by writer
versioned: reader rejects data it can't interpret
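An added example, not the catalog's own code, of the read-side contract the RIGHT branch only sketches: a versioned reader that upgrades older tagged records step by step, refuses untagged or newer-than-reader records, and never guesses a unit. The names READER_SCHEMA, SchemaMismatch, UPGRADERS, read_amount_cents and ingest, and the sample store, are assumptions of this example.

```python
# Added example (not from the catalog page). READER_SCHEMA, SchemaMismatch,
# UPGRADERS, read_amount_cents and ingest are this example's own names.
READER_SCHEMA = 2  # the only payload version this reader understands natively

class SchemaMismatch(ValueError):
    """Raised when a record cannot be interpreted unambiguously."""

def _upgrade_1_to_2(rec):
    # schema 1 stored whole cents in "amount"; schema 2 names the unit.
    return {"schema": 2, "amount_cents": int(rec["amount"])}

UPGRADERS = {1: _upgrade_1_to_2}  # schema N -> N+1

def read_amount_cents(record):
    """Return the amount in cents or raise SchemaMismatch.

    Untagged records are refused (cents or dollars? nobody can say), older
    tagged records are upgraded, newer ones are refused as uninterpretable.
    """
    version = record.get("schema")
    if not isinstance(version, int) or isinstance(version, bool) or version < 1:
        raise SchemaMismatch(f"missing or bad schema tag: {version!r}")
    if version > READER_SCHEMA:
        raise SchemaMismatch(f"schema {version} is newer than reader {READER_SCHEMA}")
    while version < READER_SCHEMA:
        record = UPGRADERS[version](record)
        version = record["schema"]
    amount = record.get("amount_cents")
    if not isinstance(amount, int) or isinstance(amount, bool):
        raise SchemaMismatch(f"amount_cents must be an int, got {amount!r}")
    return amount

# Constructed sample: one store written during a rolling deploy.
SAMPLE_STORE = [
    {"schema": 1, "amount": 1050},        # old writer: cents, tagged -> upgraded
    {"schema": 2, "amount_cents": 1050},  # new writer: accepted as-is
    {"amount": 10.50},                    # untagged float: refused, not guessed
    {"schema": 3, "amount_cents": 1050},  # future writer: refused
]

def ingest(store):
    """Return (amounts_in_cents, indexes_of_rejected_records)."""
    accepted, rejected = [], []
    for i, rec in enumerate(store):
        try:
            accepted.append(read_amount_cents(rec))
        except SchemaMismatch:
            rejected.append(i)
    return accepted, rejected
```

Running ingest over SAMPLE_STORE yields ([1050, 1050], [2, 3]): the two tagged, readable records are accepted and the untagged and too-new records are quarantined by index rather than silently mixed into the ledger.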
02 weakness catalog
Mapped weaknesses (CWE)
On its own, this defect is catalogued by MITRE as one or more of these weaknesses. The exploitable vulnerability usually appears only when it chains or combines with another.