CWE-73 is not a part of A03:2021

[KamilPacanek]

Regarding the: https://owasp.org/Top10/A03_2021-Injection/#overview

CWE-73 is mentioned as a notable CWE, but

• when you browse CWE-73 on CWE in Memberships section you can see it is related to A04:2021 Insecure Design, not A03:2021
• is not mentioned in a list of mapped CWEs

I'm not in position to discover what could it be mistaken with. My suggestion is to remove the third from notables or replace it with

• CWE-90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection'), or
• CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection'), or
• CWE-91 XML Injection (aka Blind XPath Injection) (based on references section)

When you come to agreement on what needs to be changed, I can prepare a PR for that.

Stay Secure!