CWE-374: Passing Mutable Objects to an Untrusted Method
The product sends non-cloned mutable data as an argument to a method or function.
Overview
The function or method that has been called can alter or delete the mutable data. This could violate assumptions that the calling function has made about its state. In situations where unknown code is called with references to mutable data, this external code could make changes to the data sent. If this data was not previously cloned, the modified data might not be valid in the context of execution.
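The behaviour described above, as an added Python example that is not part of the CWE entry; `make_request`, `untrusted_hook` and the request fields are constructed for illustration. It also shows that a shallow copy still shares nested mutable members with the callee, so only a deep clone preserves the state the caller validated.

```python
import copy

def make_request():
    # Constructed sample input: validated state with a nested mutable list.
    return {"account": "ACCT-1", "amount": 100, "approvers": ["alice"]}

def validate(req):
    # The caller's assumption: amount was checked before the callee ran.
    if not 0 < req["amount"] <= 500:
        raise ValueError("amount out of range")

def untrusted_hook(req):
    # Hypothetical callee outside the caller's control; it alters its argument.
    req["amount"] = 1_000_000
    req["approvers"].append("unreviewed")

def commit(req):
    # Returns what the caller would act on after the callee has returned.
    return req["amount"], tuple(req["approvers"])

def process_vulnerable(req, hook):
    validate(req)
    hook(req)                  # CWE-374: callee receives the caller's own object
    return commit(req)

def process_shallow_copy(req, hook):
    validate(req)
    hook(copy.copy(req))       # new dict, but the nested list is still shared
    return commit(req)

def process_hardened(req, hook):
    validate(req)
    hook(copy.deepcopy(req))   # callee gets a fully independent clone
    return commit(req)

if __name__ == "__main__":
    for fn in (process_vulnerable, process_shallow_copy, process_hardened):
        print(fn.__name__, fn(make_request(), untrusted_hook))
```

Where cloning is too costly, passing an immutable representation (for example a tuple or a frozen dataclass) gives the callee nothing to alter.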
Real-world CVEs
1 recorded CVE is caused by CWE-374 (Passing Mutable Objects to an Untrusted Method). The highest-severity and most recent are shown first.
Common consequences
What can happen when CWE-374 is exploited.
Modify Memory
Affects: Integrity
Data that should not have been modified could potentially be tampered with by another function.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.