Variant · Draft

CWE-607: Public Static Final Field References Mutable Object

Category: other

Description

A public or protected static final field references a mutable object, which allows the object to be changed by malicious code, or accidentally from another package.

Common consequences · 1

  • Integrity — Modify Application Data

Potential mitigations · 1

  • [Implementation] Protect mutable objects by making them private. Restrict access to the getter and setter as well.
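
The weakness and the mitigation side by side, as an added example that is not part of the MITRE entry. The class and field names (WeakPolicy, HardenedPolicy, ALLOWED_ROLES) are hypothetical, and the hardened form also uses an immutable list (Java 9+ `List.of`) in addition to making the field private.

```java
import java.util.ArrayList;
import java.util.List;

public class Cwe607Demo {

    // Weak: the reference is final, but the ArrayList it points to is not,
    // so any class that can see the field can change its contents.
    static class WeakPolicy {
        public static final List<String> ALLOWED_ROLES =
                new ArrayList<>(List.of("admin", "auditor"));

        static boolean isAllowed(String role) {
            return ALLOWED_ROLES.contains(role);
        }
    }

    // Hardened: private field, immutable contents, read-only accessor, no setter.
    static class HardenedPolicy {
        private static final List<String> ALLOWED_ROLES =
                List.of("admin", "auditor");

        static List<String> allowedRoles() {
            // The list returned by List.of() rejects add/remove/set.
            return ALLOWED_ROLES;
        }

        static boolean isAllowed(String role) {
            return ALLOWED_ROLES.contains(role);
        }
    }

    public static void main(String[] args) {
        // Stands in for unrelated code elsewhere in the application
        // that touches the shared field, deliberately or by accident.
        WeakPolicy.ALLOWED_ROLES.add("guest");
        System.out.println("weak, guest allowed: " + WeakPolicy.isAllowed("guest"));

        try {
            HardenedPolicy.allowedRoles().add("guest");
        } catch (UnsupportedOperationException e) {
            System.out.println("hardened, mutation rejected");
        }
        System.out.println("hardened, guest allowed: " + HardenedPolicy.isAllowed("guest"));
    }
}
```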

References

  1. https://cwe.mitre.org/data/definitions/607.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Public Static Field Not Marked Final
  • CWE: Critical Public Variable Without Final Modifier
  • CWE: Array Declared Public, Final, and Static
  • CWE: Public cloneable() Method Without Final ('Object Hijack')
  • CWE: Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element
  • CWE: Serializable Class Containing Sensitive Data

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.