CWE-374 - Passing Mutable Objects to an Untrusted Method

CWE-374 Medium

  • Abstraction: Base
  • Structure: Simple
  • Status: Draft
Weakness Name

Passing Mutable Objects to an Untrusted Method

Description

The product sends non-cloned mutable data as an argument to a method or function.

The function or method that has been called can alter or delete the mutable data. This could violate assumptions that the calling function has made about its state. In situations where unknown code is called with references to mutable data, this external code could make changes to the data sent. If this data was not previously cloned, the modified data might not be valid in the context of execution.
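The following is an added example, not part of the CWE entry. It shows in Python how a callee can break a caller's already-checked state when it receives a reference, why a shallow copy does not help with nested data, and how a deep copy isolates the caller. The order structure, `untrusted_hook` and the `call_with_*` functions are hypothetical names chosen for illustration.

```python
import copy

def make_order():
    # Constructed sample data: an order whose total the caller checks before use.
    return {"id": 1001, "items": [{"sku": "A-1", "qty": 2, "price": 500}]}

def total(order):
    return sum(item["qty"] * item["price"] for item in order["items"])

def untrusted_hook(order):
    # Hypothetical external callback (e.g. a plugin) that alters its argument,
    # both at the top level and inside a nested object.
    order["items"][0]["price"] = 1
    order["id"] = -1

def call_with_reference(order, hook):
    # Weak: the hook receives the caller's own object, so every change it
    # makes is visible to the caller after the call returns.
    checked = total(order)
    hook(order)
    return checked, total(order), order["id"]

def call_with_shallow_copy(order, hook):
    # Still weak: dict(order) duplicates the top-level keys only; the nested
    # "items" list and its dicts are shared with the caller.
    checked = total(order)
    hook(dict(order))
    return checked, total(order), order["id"]

def call_with_deep_copy(order, hook):
    # Hardened: the hook works on an independent clone, so the value the
    # caller checked is the value the caller continues to use.
    checked = total(order)
    hook(copy.deepcopy(order))
    return checked, total(order), order["id"]

if __name__ == "__main__":
    for fn in (call_with_reference, call_with_shallow_copy, call_with_deep_copy):
        checked, after, order_id = fn(make_order(), untrusted_hook)
        print(f"{fn.__name__}: checked={checked} after={after} id={order_id}")
```

Each function returns the total checked before the call, the total after it, and the order id, so a mismatch between the first two values marks a violated caller assumption.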

Common Consequences

Scope: Integrity

Impact: Modify Memory

Notes: Data that should not have been modified could potentially be tampered with by another function.

Related Weaknesses
  • Release Date: 2006-07-19
  • Latest Modification Date: 2023-06-29