SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CWE

Public Static Final Field References Mutable Object

ID: 607		Date: (C)2012-05-14 (M)2022-10-10
Type: weakness		Status: DRAFT
Abstraction Type: Variant

Description

A public or protected static final field references a mutable object, which allows the object to be changed by malicious code, or accidentally from another package.

Applicable Platforms
Language: Java

Time Of Introduction

Implementation

Common Consequences

Scope	Technical Impact	Notes
Integrity	Modify application data

Detection Methods
None

Potential Mitigations

Phase	Strategy	Description	Effectiveness	Notes
Implementation		Protect mutable objects by making them private. Restrict access to the getter and setter as well.

Relationships

Related CWE	Type	View	Chain
CWE-607 ChildOf CWE-895	Category	CWE-888

Demonstrative Examples (Details)

Here, an array (which is inherently mutable) is labeled public static final.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
Anonymous Tool Vendor (under NDA)

References:
None


30430



423868



247768



909



194555



282