Variant · Draft

CWE-500: Public Static Field Not Marked Final

Category: other

Description

An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways. Public static variables can be read without an accessor and changed without a mutator by any classes in the application.

Common consequences (2)

  • Integrity — Modify Application Data
    The object could potentially be tampered with.
  • Confidentiality — Read Application Data
    The object could potentially be read.

Potential mitigations (2)

  • [Architecture and Design] Clearly identify the scope for all critical data elements, including whether they should be regarded as static.
  • [Implementation]
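The following is an added illustration of the weakness and of one hardened form; it is not MITRE's code, and the class and field names (WeakConfig, SomePlugin, HardenedConfig) and the sample host values are hypothetical. The first class exposes a security-relevant switch and a host allow-list as public static non-final fields, so any class in the application can overwrite or mutate them without going through a mutator. The second class makes the fields private and final, backs the collection with an unmodifiable Set so that `final` on the reference is not undermined by a mutable object, and exposes read-only accessors.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

// WEAK (CWE-500): public static fields without 'final' are global mutable state.
// Hypothetical configuration holder written for this example.
class WeakConfig {
    public static boolean debugMode = false;
    // Even if this were 'final', an ArrayList could still be mutated in place.
    public static List<String> allowedHosts = new ArrayList<>(List.of("api.example.internal"));
}

// Any class in the application (a plugin, a test helper, an unrelated module)
// can change the fields directly; no mutator or access check is involved.
class SomePlugin {
    static void overwrite() {
        WeakConfig.debugMode = true;                      // flips a security-relevant switch
        WeakConfig.allowedHosts.add("untrusted.example"); // mutates the shared list in place
    }
}

// HARDENED: private static final fields, immutable contents, read-only accessors.
final class HardenedConfig {
    private static final boolean DEBUG_MODE = false;
    // Set.of(...) returns an unmodifiable set, so the reference AND the contents are fixed.
    private static final Set<String> ALLOWED_HOSTS = Set.of("api.example.internal");

    private HardenedConfig() {} // no instances; purely static configuration

    static boolean isDebugMode() { return DEBUG_MODE; }
    static boolean isAllowedHost(String host) { return ALLOWED_HOSTS.contains(host); }
}

public class Cwe500Demo {
    public static void main(String[] args) {
        System.out.println("weak before: debug=" + WeakConfig.debugMode
                + " hosts=" + WeakConfig.allowedHosts);
        SomePlugin.overwrite();
        System.out.println("weak after:  debug=" + WeakConfig.debugMode
                + " hosts=" + WeakConfig.allowedHosts);

        // HardenedConfig.DEBUG_MODE = true;  // does not compile: private and final

        // Even a caller holding the unmodifiable set cannot add to it.
        Set<String> sameKindOfSet = Set.of("api.example.internal");
        try {
            sameKindOfSet.add("untrusted.example");
        } catch (UnsupportedOperationException e) {
            System.out.println("unmodifiable set rejected mutation");
        }

        System.out.println("hardened:    debug=" + HardenedConfig.isDebugMode()
                + " untrusted allowed=" + HardenedConfig.isAllowedHost("untrusted.example"));
    }
}
```

Compile and run with `javac Cwe500Demo.java && java Cwe500Demo`. The weak holder prints changed values after `SomePlugin.overwrite()`, while the hardened holder cannot be reassigned (compile error) or mutated through its collection (runtime `UnsupportedOperationException`). Marking the field `final` alone is not enough when it references a mutable object, which is the concern captured by the related entry "Public Static Final Field References Mutable Object".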

References

  1. https://cwe.mitre.org/data/definitions/500.html

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Public Static Final Field References Mutable Object
  • CWE: Critical Public Variable Without Final Modifier
  • CWE: Array Declared Public, Final, and Static
  • CWE: Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element
  • CWE: Static Member Data Element outside of a Singleton Class Element
  • CWE: Public cloneable() Method Without Final ('Object Hijack')
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.