CWE-583 - finalize() Method Declared Public
CWE-583
- Abstraction: Variant
- Structure: Simple
- Status: Incomplete
- Weakness Name
finalize() Method Declared Public
- Description
The product violates secure coding principles for mobile code by declaring a finalize() method public.
A product should never call finalize() explicitly, except to call super.finalize() inside an implementation of finalize(). In mobile code situations, the otherwise error-prone practice of manual garbage collection can become a security threat if an attacker can maliciously invoke a finalize() method because it is declared with public access.
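The weak declaration beside its corrected form, with a reflection check that flags the weak one. This is an added example, not part of the CWE entry; the class, field and method names are hypothetical and the token value is constructed.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;

public class FinalizeVisibility {
    // Weak form (CWE-583): finalize() is widened to public.
    static class WeakSession {
        private char[] token = "constructed-sample-token".toCharArray();
        boolean isUsable() { return token != null; }

        @Override
        public void finalize() throws Throwable {
            try {
                token = null;          // cleanup intended to run only at collection time
            } finally {
                super.finalize();      // the one legitimate explicit finalize() call
            }
        }
    }

    // Corrected form: keeps the protected access that Object.finalize() declares,
    // so a class in another package that does not extend it cannot call it.
    static class HardenedSession {
        private char[] token = "constructed-sample-token".toCharArray();

        @Override
        protected void finalize() throws Throwable {
            try {
                token = null;
            } finally {
                super.finalize();
            }
        }
    }

    // Audit check: true when the class itself declares a public finalize().
    static boolean declaresPublicFinalize(Class<?> type) {
        try {
            Method m = type.getDeclaredMethod("finalize");
            return Modifier.isPublic(m.getModifiers());
        } catch (NoSuchMethodException e) {
            return false;              // the class does not override finalize()
        }
    }

    public static void main(String[] args) throws Throwable {
        WeakSession weak = new WeakSession();
        weak.finalize();               // compiles for any caller holding a reference
        System.out.println("WeakSession usable after direct call: " + weak.isUsable());
        System.out.println("WeakSession flagged: " + declaresPublicFinalize(WeakSession.class));
        System.out.println("HardenedSession flagged: " + declaresPublicFinalize(HardenedSession.class));
    }
}
```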
- Common Consequences
Scope: Confidentiality, Integrity, Availability
Impact: Alter Execution Logic, Execute Unauthorized Code or Commands, Modify Application Data
- Related Weaknesses
- Release Date: 2006-12-15
- Latest Modification Date: 2023-06-29