CWE-493
Critical Public Variable Without Final Modifier
The product has a critical public variable that is not final, which allows the variable to be modified to contain unexpected values.
Status
draft
Abstraction
variant
Likelihood
high
Affected Platforms
C++
Java
Object-Oriented
Extended Description
If a field is public and non-final, any function that has access to the class containing the field can change its value after it has been set. This could lead to a vulnerability if other parts of the program make assumptions about the contents of that field.
Common Consequences
integrity
confidentiality
Impacts
modify application data
read application data
Detection Methods
automated static analysis
Potential Mitigations
Phases:
implementation
Descriptions:
• Declare all public fields as final when possible, especially if they are used to maintain the internal state of an Applet or of classes used by an Applet. If a field must be public, then perform all appropriate sanity checks before accessing the field from your code.
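The weakness and the mitigation side by side, as an added example that is not part of the original CWE entry. The class names, the price field and the total() helper are hypothetical, chosen only to show a consumer that trusts the field's contents.

```java
import java.math.BigDecimal;

// Constructed example; all class, field and method names are hypothetical.
public class PublicFieldDemo {

    // Weak: public and non-final, so any code holding a reference can overwrite it.
    static class WeakItem {
        public BigDecimal price;
        WeakItem(BigDecimal price) { this.price = price; }
    }

    // Hardened: validated once in the constructor, then fixed for the object's lifetime.
    static final class Item {
        public final BigDecimal price;
        Item(BigDecimal price) {
            if (price == null || price.signum() < 0) {
                throw new IllegalArgumentException("price must be non-negative");
            }
            this.price = price;
        }
    }

    // Stands in for the "other parts of the program" that assume the field is sane.
    static BigDecimal total(BigDecimal price, int quantity) {
        return price.multiply(BigDecimal.valueOf(quantity));
    }

    public static void main(String[] args) {
        WeakItem weak = new WeakItem(new BigDecimal("19.99"));
        weak.price = new BigDecimal("-100.00");   // compiles: nothing protects the field
        System.out.println("weak total:     " + total(weak.price, 3));

        Item item = new Item(new BigDecimal("19.99"));
        // item.price = new BigDecimal("-100.00");  // rejected by the compiler: final field
        System.out.println("hardened total: " + total(item.price, 3));

        try {
            new Item(new BigDecimal("-100.00"));    // the sanity check runs before the value is stored
        } catch (IllegalArgumentException e) {
            System.out.println("rejected at construction: " + e.getMessage());
        }
    }
}
```

The final modifier fixes only the reference. A public final array or collection can still have its contents changed, so such fields also need an immutable type or a defensive copy.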