CWE-374: Passing Mutable Objects to an Untrusted Method

CWE-374: Passing Mutable Objects to an Untrusted Method | RadicalNotion.AI

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

The following example demonstrates the weakness.

Vulnerable example

private:

In this example, bar and baz will be passed by reference to doOtherStuff() which may change them.

In the following Java example, the BookStore class manages the sale of books in a bookstore, this class includes the member objects for the bookstore inventory and sales database manager classes. The BookStore class includes a method for updating the sales database and inventory when a book is sold. This method retrieves a Book object from the bookstore inventory object using the supplied ISBN number for the book class, then calls a method for the sales object to update the sales information and then calls a method for the inventory object to update inventory for the BookStore.

Vulnerable example

java

public class BookStore {

CWE-374: Passing Mutable Objects to an Untrusted Method

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Code examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-374?

What CVEs are caused by CWE-374?

How do you prevent CWE-374?

What are the consequences of CWE-374?

Is CWE-374 actively exploited?

References

Stay ahead of CWE-374

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Code examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-374?

What CVEs are caused by CWE-374?

How do you prevent CWE-374?

What are the consequences of CWE-374?

Is CWE-374 actively exploited?

References

Stay ahead of CWE-374