CWE-1070: Serializable Data Element Containing non-Serializable Item Elements
The product contains a serializable, storable data element such as a field or member, but the data element contains member elements that are not serializable.
Overview
CWE-1070 (Serializable Data Element Containing non-Serializable Item Elements) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Background
For example, a data element is marked serializable by the SerializableAttribute attribute in .NET, and by implementing the java.io.Serializable interface in Java. The weakness arises when such an element holds member elements that do not themselves carry that property, so the runtime cannot serialize the object as declared.
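The following Java program, added here as an illustration and not taken from the CWE entry or any project, shows the weakness and one correction. `SessionBad` declares itself `Serializable` but holds a `ConnectionHandle` (a hypothetical, constructed class standing in for a live resource) that is not, so `ObjectOutputStream.writeObject` fails with `NotSerializableException`. `SessionGood` marks that member `transient`, keeps only serializable state (the endpoint string), and rebuilds the handle in `readObject`. The class and field names are assumptions made for the example.

```java
import java.io.*;

// Added example (not from the CWE entry or any project): a Serializable
// class that holds a non-serializable member, and a corrected version.
public class Cwe1070Demo {

    // Hypothetical non-serializable member type: stands in for a live
    // resource (socket, DB connection) that has no meaningful serialized form.
    static final class ConnectionHandle {
        final String endpoint;
        ConnectionHandle(String endpoint) { this.endpoint = endpoint; }
    }

    // Weak form (CWE-1070): declared Serializable, but 'conn' is not, so
    // ObjectOutputStream throws NotSerializableException at runtime.
    static final class SessionBad implements Serializable {
        private static final long serialVersionUID = 1L;
        final String user;
        final ConnectionHandle conn;
        SessionBad(String user, String endpoint) {
            this.user = user;
            this.conn = new ConnectionHandle(endpoint);
        }
    }

    // Corrected form: the non-serializable member is transient and is
    // rebuilt after deserialization from serializable state (the endpoint).
    static final class SessionGood implements Serializable {
        private static final long serialVersionUID = 1L;
        final String user;
        final String endpoint;
        transient ConnectionHandle conn;
        SessionGood(String user, String endpoint) {
            this.user = user;
            this.endpoint = endpoint;
            this.conn = new ConnectionHandle(endpoint);
        }
        // Restore the transient member once the default fields are read.
        private void readObject(ObjectInputStream in)
                throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            this.conn = new ConnectionHandle(this.endpoint);
        }
    }

    // Round-trips an object through ObjectOutputStream/ObjectInputStream,
    // which is exactly the check that exposes a non-serializable member.
    static Object roundTrip(Object o) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        try (ObjectInputStream ois = new ObjectInputStream(
                new ByteArrayInputStream(bos.toByteArray()))) {
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; the endpoint is a placeholder.
        try {
            roundTrip(new SessionBad("alice", "db.example.internal:5432"));
        } catch (NotSerializableException e) {
            // Message names the offending class: Cwe1070Demo$ConnectionHandle
            System.out.println("SessionBad failed: " + e.getMessage());
        }
        SessionGood restored = (SessionGood) roundTrip(
                new SessionGood("alice", "db.example.internal:5432"));
        System.out.println("SessionGood restored conn to " + restored.conn.endpoint);
    }
}
```

Compile and run with `javac Cwe1070Demo.java && java Cwe1070Demo`. The round-trip in `roundTrip` is a cheap unit test to add for any class that implements `Serializable`: it turns the runtime failure described by this weakness into a build-time one. In the corrected class the transient member is rebuilt only from fields that were themselves serialized, which is what keeps the restored object consistent with what was written.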
Common consequences
What can happen when CWE-1070 is exploited.
Reduce Reliability
Affects: Other
This issue can prevent the product from running reliably. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.