CWE-374

Passing Mutable Objects to an Untrusted Method

The product sends non-cloned mutable data as an argument to a method or function.

Mitigation

Phase: Implementation

Description:

  • Pass in data which should not be altered as constant or immutable.

Mitigation

Phase: Implementation

Description:

  • Clone all mutable data before passing it into an external function. This is the preferred mitigation. This way, regardless of what changes are made to the data, a valid copy is retained for use by the class.
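The following is an added illustration of the weakness and both mitigations, not code from the CWE entry itself. It assumes a constructed `AccessPolicy` class that owns a mutable allow-list and hands it to a caller-supplied callback standing in for the untrusted method.

```python
import copy

# Constructed example: a component that owns a mutable allow-list and hands
# it to a caller-supplied callback (the "untrusted method").
class AccessPolicy:
    def __init__(self, allowed_roles):
        self._allowed = list(allowed_roles)

    def allowed_roles(self):
        # Expose state as an immutable snapshot so callers cannot alter it.
        return tuple(self._allowed)

    def notify_unsafe(self, callback):
        # CWE-374: the callback receives the live list and can alter it,
        # silently changing the policy's own state.
        callback(self._allowed)

    def notify_cloned(self, callback):
        # Preferred mitigation: pass a deep copy. The callback may mutate
        # its copy freely; the policy keeps its own valid list.
        callback(copy.deepcopy(self._allowed))

    def notify_readonly(self, callback):
        # Alternative mitigation: pass an immutable view (tuple), so an
        # in-place mutation attempt raises instead of corrupting state.
        callback(tuple(self._allowed))


def misbehaving_plugin(roles):
    # Constructed "untrusted" callback that tampers with its argument.
    roles.append("admin")


def demo():
    results = {}
    p = AccessPolicy(["reader"])
    p.notify_unsafe(misbehaving_plugin)
    results["unsafe"] = p.allowed_roles()          # ('reader', 'admin')

    p = AccessPolicy(["reader"])
    p.notify_cloned(misbehaving_plugin)
    results["cloned"] = p.allowed_roles()          # ('reader',)

    p = AccessPolicy(["reader"])
    try:
        p.notify_readonly(misbehaving_plugin)
        results["readonly"] = "mutated"
    except AttributeError:                          # tuple has no append()
        results["readonly"] = p.allowed_roles()    # ('reader',)
    return results
```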

No CAPEC attack patterns related to this CWE.