CWE-493: Critical Public Variable Without Final Modifier
ID: CWE-493
Abstraction: Variant
Structure: Simple
Status: Draft
The product has a critical public variable that is not final, which allows the variable to be modified to contain unexpected values.
If a field is public and non-final, any function that has access to the class containing the field can change it after its value has been set. This could lead to a vulnerability if other parts of the program make assumptions about the contents of that field.
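The weakness described above, shown next to its hardened form, as an added Java example that is not part of the CWE entry. It goes one step beyond the description by also showing that `final` fixes only the reference, so a `final` array still has writable contents. All class names, field names and values are constructed for illustration, and `List.of` assumes Java 9 or later.

```java
import java.math.BigDecimal;
import java.util.List;

public class FinalFieldDemo {
    // Weak: public and non-final, so any code that can see the class may reassign it.
    static class WeakCatalog {
        public static BigDecimal price = new BigDecimal("499.00"); // constructed sample value
        static BigDecimal total(int qty) { return price.multiply(BigDecimal.valueOf(qty)); }
    }

    // Hardened: final blocks reassignment, and BigDecimal itself is immutable.
    static class HardenedCatalog {
        public static final BigDecimal PRICE = new BigDecimal("499.00");
        // final fixes only the reference: the array elements stay writable.
        public static final String[] ADMINS_ARRAY = { "alice" };
        // An unmodifiable list closes that gap.
        public static final List<String> ADMINS = List.of("alice");
        static BigDecimal total(int qty) { return PRICE.multiply(BigDecimal.valueOf(qty)); }
    }

    // Stands in for any other code in the same JVM with access to these classes.
    static void otherCode() {
        WeakCatalog.price = new BigDecimal("0.01");         // accepted by the compiler
        // HardenedCatalog.PRICE = new BigDecimal("0.01");  // rejected: cannot assign to a final variable
        HardenedCatalog.ADMINS_ARRAY[0] = "mallory";        // accepted: final does not protect contents
        try {
            HardenedCatalog.ADMINS.set(0, "mallory");       // fails at run time
        } catch (UnsupportedOperationException e) {
            System.out.println("unmodifiable list rejected the write");
        }
    }

    static void check(boolean ok, String what) {
        if (!ok) throw new AssertionError(what);
    }

    public static void main(String[] args) {
        BigDecimal before = WeakCatalog.total(2);
        otherCode();
        check(before.compareTo(new BigDecimal("998.00")) == 0, "weak total before reassignment");
        check(WeakCatalog.total(2).compareTo(new BigDecimal("0.02")) == 0, "weak total follows the overwritten price");
        check(HardenedCatalog.total(2).compareTo(new BigDecimal("998.00")) == 0, "hardened total unchanged");
        check(HardenedCatalog.ADMINS_ARRAY[0].equals("mallory"), "final array contents were still writable");
        check(HardenedCatalog.ADMINS.equals(List.of("alice")), "unmodifiable list unchanged");
        System.out.println("weak total after reassignment: " + WeakCatalog.total(2));
        System.out.println("hardened total: " + HardenedCatalog.total(2));
    }
}
```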
Modes of Introduction
Phase | Note |
---|---|
Implementation | |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | | Java | |
Language | | C++ | |