Backslash Vulnerability Database
Object Hijack
CWE-491
Short description
A class has a cloneable() method that is not declared final, which allows an object to be created without calling the constructor. This can cause the object to be in an unexpected state.
Best practices to prevent this CWE
Phase: Implementation
Make the cloneable() method final.
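An added example (not from the original page or from the CWE entry) of this weakness in Java, where the method involved is `clone()` on a class that implements `Cloneable`: the clone comes into existence without the constructor running, shown beside a variant whose `clone()` is final. The class names `Session` and `HardenedSession` are hypothetical.

```java
import java.util.concurrent.atomic.AtomicInteger;

public class Cwe491Demo {
    // Weak: clone() is public and not final.
    static class Session implements Cloneable {
        static final AtomicInteger constructorRuns = new AtomicInteger();
        final String user;

        Session(String user) {
            if (user == null || user.isEmpty())
                throw new IllegalArgumentException("user required");
            this.user = user;
            constructorRuns.incrementAndGet(); // bookkeeping done only in the constructor
        }

        @Override
        public Session clone() throws CloneNotSupportedException {
            return (Session) super.clone(); // field-by-field copy, no constructor call
        }
    }

    // Hardened: clone() is final, so no subclass can reintroduce cloning.
    // Throwing is an extra choice made in this example.
    static class HardenedSession {
        final String user;

        HardenedSession(String user) {
            if (user == null || user.isEmpty())
                throw new IllegalArgumentException("user required");
            this.user = user;
        }

        @Override
        protected final Object clone() throws CloneNotSupportedException {
            throw new CloneNotSupportedException("HardenedSession is not cloneable");
        }
    }

    public static void main(String[] args) {
        try {
            Session a = new Session("alice");
            Session b = a.clone();
            System.out.println("distinct objects: " + (a != b)
                + ", constructor runs: " + Session.constructorRuns.get());
            new HardenedSession("bob").clone();
        } catch (CloneNotSupportedException e) {
            System.out.println("clone refused: " + e.getMessage());
        }
    }
}
```

A subclass of `HardenedSession` that declares its own `clone()` fails to compile, because the final method cannot be overridden.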