CWE-491
Public cloneable() Method Without Final ('Object Hijack')
VariantDraft
Description
A class has a cloneable() method that is not declared final, which allows an object to be created without calling the constructor. This can cause the object to be in an unexpected state.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (1)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-39069 | Hig | 0.51 | 7.8 | 0.03 | Jul 9, 2024 | An issue in ifood Order Manager v3.35.5 'Gestor de Peddios.exe' allows attackers to execute arbitrary code via a DLL hijacking attack. |