
CWE-491 - Public cloneable() Method Without Final ('Object Hijack')

CWE-491

  • Abstraction: Variant
  • Structure: Simple
  • Status: Draft
Weakness Name

Public cloneable() Method Without Final ('Object Hijack')

Description

A class has a cloneable() method that is not declared final, which allows an object to be created without calling the constructor. This can cause the object to be in an unexpected state.
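
An added Java illustration, not part of the CWE entry: in Java the method concerned is `clone()`, inherited from `Object` by classes that implement `Cloneable`. The class names `Session`, `LooseSession` and `SealedSession` are hypothetical; the sketch shows a non-final `clone()` yielding an object that skipped the constructor's check, beside a class whose `clone()` is declared final.

```java
import java.util.concurrent.atomic.AtomicInteger;

public class CloneFinalDemo {
    // Weak form: clone() is public and overridable.
    static class Session implements Cloneable {
        static final AtomicInteger constructed = new AtomicInteger();
        protected String user;
        Session(String user) {
            if (user == null || user.isEmpty()) throw new IllegalArgumentException("user required");
            this.user = user;
            constructed.incrementAndGet();   // stands in for audit/registration done at construction
        }
        @Override public Session clone() throws CloneNotSupportedException {
            return (Session) super.clone();  // Object.clone() copies fields; no constructor runs
        }
    }

    // Because clone() is not final, a subclass decides what a "copy" contains.
    static class LooseSession extends Session {
        LooseSession(String user) { super(user); }
        @Override public Session clone() throws CloneNotSupportedException {
            LooseSession copy = (LooseSession) super.clone();
            copy.user = "";                  // state the constructor would have rejected
            return copy;
        }
    }

    // Hardened form: clone() is final and refuses to copy, so no subclass can reopen it.
    static class SealedSession {
        private final String user;
        SealedSession(String user) {
            if (user == null || user.isEmpty()) throw new IllegalArgumentException("user required");
            this.user = user;
        }
        @Override protected final Object clone() throws CloneNotSupportedException {
            throw new CloneNotSupportedException("SealedSession cannot be cloned");
        }
    }

    public static void main(String[] args) throws Exception {
        Session original = new LooseSession("alice");
        Session copy = original.clone();     // second object, constructor counter unchanged
        System.out.println("constructor calls: " + Session.constructed.get());
        System.out.println("copy has empty user: " + copy.user.isEmpty());
        try { new SealedSession("alice").clone(); }
        catch (CloneNotSupportedException e) { System.out.println("sealed: " + e.getMessage()); }
    }
}
```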

Common Consequences

Scope: Integrity, Other

Impact: Unexpected State, Varies by Context

Related Weaknesses

  • Release Date: 2006-07-19
  • Latest Modification Date: 2023-06-29
