CWE-607: Public Static Final Field References Mutable Object
A public or protected static final field references a mutable object, which allows the object to be changed by malicious code, or accidentally from another package.
Last updated
Overview
CWE-607 (Public Static Final Field References Mutable Object) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Common consequences
What can happen when CWE-607 is exploited.
Modify Application Data
Affects: Integrity
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Languages
How to prevent it
Practical mitigations for CWE-607, grouped by where in the lifecycle they apply.
Protect mutable objects by making them private. Restrict access to the getter and setter as well.