CWE-495 - Private Data Structure Returned From A Public Method

CWE-495

Abstraction:
Variant

Structure:
Simple

Status:
Draft

Weakness Name: Private Data Structure Returned From A Public Method

Description: The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in unexpected ways.

Common Consequences: Scope: Integrity
Impact: Modify Application Data
Notes: The contents of the data structure can be modified from outside the intended scope.

Related Weaknesses: CWE-664Improper Control of a Resource Through its Lifetime

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard