An application uses a "blacklist" of prohibited values, but the
					blacklist is incomplete.If an incomplete blacklist is used as a security mechanism, then the
						software may allow unintended values to pass into the application logic.