A public or protected static final field references a mutable object, which allows the object to be changed by malicious code, or accidentally from another package.
Extended Description
N/A
ThreatScore
Threat Mapped score: 0.0
Industry: Financial
Threat priority: Unclassified
Observed Examples (CVEs)
No observed examples available.
Related Attack Patterns (CAPEC)
N/A
Attack TTPs
N/A
Modes of Introduction
Phase: Implementation (Note: N/A)
Common Consequences
Impact: Modify Application Data — Notes:
Potential Mitigations
Implementation: Protect mutable objects by making them private. Restrict access to the getter and setter as well. (N/A)
Applicable Platforms
Java (N/A, Undetermined)
Demonstrative Examples
Intro: Here, an array (which is inherently mutable) is labeled public static final.
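Added example (not code from the original entry): the weak declaration described in the intro beside a hardened form that follows the mitigation above. The class names, the USER_ROLES field name and the role values are hypothetical, chosen for illustration.

```java
import java.util.Arrays;
import java.util.List;

// Illustrative only: all names and values below are constructed for this example.
public class StaticFinalMutableDemo {

    // Weak: 'final' fixes the reference only. Any code that can see the field
    // can still overwrite the array's elements.
    static class WeakConfig {
        public static final String[] USER_ROLES = {"viewer", "editor"};
    }

    // Hardened: the array itself is private. Callers get an unmodifiable list
    // or a defensive copy, never the backing array.
    static class HardenedConfig {
        private static final String[] USER_ROLES = {"viewer", "editor"};

        // List.of copies the elements into an immutable list (Java 9+).
        public static final List<String> ROLES = List.of(USER_ROLES);

        // Getter returns a fresh copy on every call.
        public static String[] userRoles() {
            return USER_ROLES.clone();
        }
    }

    public static void main(String[] args) {
        // A write from outside the declaring class succeeds against the weak field.
        WeakConfig.USER_ROLES[0] = "admin";
        System.out.println("weak:     " + Arrays.toString(WeakConfig.USER_ROLES));

        // The same write against the hardened getter only changes the caller's copy.
        String[] copy = HardenedConfig.userRoles();
        copy[0] = "admin";
        System.out.println("hardened: " + Arrays.toString(HardenedConfig.userRoles()));

        // The immutable list rejects modification outright.
        try {
            HardenedConfig.ROLES.set(0, "admin");
        } catch (UnsupportedOperationException e) {
            System.out.println("ROLES rejected the write");
        }
    }
}
```

The same reasoning applies to any mutable type held in a public or protected static final field, such as collections, Date objects or StringBuilder instances.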