CWE-498

Cloneable Class Containing Sensitive Information

The code contains a class with sensitive data, but the class is cloneable. The data can then be accessed by cloning the class.

Status: draft
Abstraction: variant
Likelihood: medium
Applicable Languages: C#, C++, Java, Object-Oriented

Cloneable classes are effectively open classes, since data cannot be hidden in them. Classes that do not explicitly deny cloning can be cloned by any other class without running the constructor.

Common Consequences

Scope: access control
Impacts: bypass protection mechanism

Detection Methods

automated static analysis

Potential Mitigations

Phases:
implementation
Descriptions:
• If you do make your classes cloneable, ensure that your clone method is final and throw super.clone().
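The following Java program is an added illustration of the weakness and of the mitigation above; it is not code from the CWE entry. The class names WeakCredential and HardenedCredential, the constructor-call counter and the sample secret are all constructed for the demo. The weak class shows that Object.clone() produces a field-by-field copy of the secret without ever running the constructor (so any check placed in the constructor is skipped, and the copy even shares the same char[] array); the hardened class shows a final clone() that unconditionally throws, so neither a caller nor a subclass can reopen cloning.

```java
// Added example (not CWE's own code). Demonstrates CWE-498: a Cloneable
// class leaks its state through clone() without running the constructor,
// and the hardened variant refuses cloning with a final, throwing clone().
public class CloneableSecretDemo {

    // Weak: implements Cloneable and exposes a public clone() that returns
    // super.clone(). Object.clone() copies fields directly; the constructor
    // (and any access check inside it) never runs for the copy.
    static class WeakCredential implements Cloneable {
        private final char[] secret;
        // Constructed counter so the constructor bypass is observable.
        static int constructorCalls = 0;

        WeakCredential(char[] secret) {
            constructorCalls++;          // imagine a permission check here
            this.secret = secret.clone();
        }

        @Override
        public Object clone() throws CloneNotSupportedException {
            return super.clone();        // shallow copy: shares the secret array
        }

        char[] secretForDemo() { return secret; }
    }

    // Hardened: clone() is final and always throws, so no subclass can
    // override it to call super.clone(), and no caller obtains a copy.
    static class HardenedCredential {
        private final char[] secret;

        HardenedCredential(char[] secret) {
            this.secret = secret.clone();
        }

        @Override
        public final Object clone() throws CloneNotSupportedException {
            throw new CloneNotSupportedException("cloning of credentials is not permitted");
        }
    }

    public static void main(String[] args) throws Exception {
        char[] sample = "s3cr3t".toCharArray();   // constructed sample secret

        WeakCredential original = new WeakCredential(sample);
        WeakCredential copy = (WeakCredential) original.clone();
        // The copy holds the secret, yet the constructor ran only once.
        System.out.println("constructor calls after clone: " + WeakCredential.constructorCalls);
        System.out.println("copy shares the secret array: "
                + (copy.secretForDemo() == original.secretForDemo()));

        HardenedCredential hardened = new HardenedCredential(sample);
        try {
            hardened.clone();
        } catch (CloneNotSupportedException e) {
            System.out.println("hardened clone refused: " + e.getMessage());
        }
    }
}
```

Running the program shows the constructor-call counter still at one after the clone and the copy sharing the original's secret array, while the hardened class raises CloneNotSupportedException. The hardened class deliberately does not implement Cloneable, and marking clone() final is what closes the subclass route: a subclass that implements Cloneable and calls super.clone() would reach the throwing method rather than Object.clone().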