CWE-491: Public cloneable() Method Without Final ('Object Hijack')
A class has a cloneable() method that is not declared final, which allows an object to be created without calling the constructor. This can cause the object to be in an unexpected state.
Overview
CWE-491 (Public cloneable() Method Without Final ('Object Hijack')) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
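The description above, shown as an added example that is not part of the CWE entry: in Java the method concerned is `clone()`, inherited from `Object` and enabled by the `Cloneable` marker interface. The class names `Session` and `SafeSession` and the `constructed` counter are hypothetical, constructed for this illustration. The first class shows a second instance appearing without a constructor call; the second shows the `final` form that subclasses cannot override.

```java
public class CloneFinalDemo {
    static int constructed = 0; // counts constructor runs (constructed for this demo)

    // Weak form: public, non-final clone(); a subclass may override it.
    static class Session implements Cloneable {
        final String user;
        Session(String user) {
            if (user == null || user.isEmpty())
                throw new IllegalArgumentException("user required");
            this.user = user;
            constructed++;          // stands in for validation or audit work
        }
        @Override
        public Object clone() throws CloneNotSupportedException {
            return super.clone();   // Object.clone() copies fields, runs no constructor
        }
    }

    // Hardened form: clone() is final and refuses, so no subclass can re-enable it.
    static class SafeSession {
        final String user;
        SafeSession(String user) {
            if (user == null || user.isEmpty())
                throw new IllegalArgumentException("user required");
            this.user = user;
        }
        @Override
        protected final Object clone() throws CloneNotSupportedException {
            throw new CloneNotSupportedException("SafeSession is not cloneable");
        }
    }

    public static void main(String[] args) throws Exception {
        Session a = new Session("alice");
        Session b = (Session) a.clone();
        // Two live objects exist, but the constructor ran only once.
        System.out.println("distinct=" + (a != b) + " constructed=" + constructed);

        SafeSession s = new SafeSession("alice");
        try {
            s.clone();
        } catch (CloneNotSupportedException e) {
            System.out.println("clone refused: " + e.getMessage());
        }
    }
}
```

Where a class genuinely needs to be cloneable, keeping `clone()` `final` while still calling `super.clone()` prevents subclasses from substituting their own copy logic.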