The following format string functions can cause runtime errors if the attacker adds conversion specifiers: Java String.format and PrintStream.format PHP printf The code pattern that causes a format ...