CWE-374

Passing Mutable Objects to an Untrusted Method

BaseDraftLikelihood: Medium

Description

The product sends non-cloned mutable data as an argument to a method or function.

The function or method that has been called can alter or delete the mutable data. This could violate assumptions that the calling function has made about its state. In situations where unknown code is called with references to mutable data, this external code could make changes to the data sent. If this data was not previously cloned, the modified data might not be valid in the context of execution.

Hierarchy (View 1000)

Parents

CWE-668

Children

none

CVEs mapped to this weakness (0)

No CVEs match the current filter.