CWE-493: Critical Public Variable Without Final Modifier
ID
CWE-493
Abstraction
Variant
Structure
Simple
Status
Draft
The product has a critical public variable that is not final, which allows the variable to be modified to contain unexpected values.
If a field is non-final and public, it can be changed once the value is set by any function that has access to the class which contains the field. This could lead to a vulnerability if other parts of the program make assumptions about the contents of that field.
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation |
Applicable Platforms
| Type | Class | Name | Prevalence |
|---|---|---|---|
| Language | Java | ||
| Language | C++ |
Loading...