About GET A DEMO

Backslash Vulnerability Database

finalize() Method Declared Public

finalize() Method Declared Public

CWE-583

Short description

The product violates secure coding principles for mobile code by declaring a finalize() method public.

Extended description

A product should never call finalize explicitly, except to call super.finalize() inside an implementation of finalize(). In mobile code situations, the otherwise error prone practice of manual garbage collection can become a security threat if an attacker can maliciously invoke a finalize() method because it is declared with public access.

Best practices to prevent this CWE

Phase: Implementation

If you are using finalize() as it was designed, there is no reason to declare finalize() with anything other than protected access.

Prioritize and Uncover Reachable Vulnerabilities in Your Application Code

Identify externally reachable data flows and vulnerabilities for effective risk mitigation

© 2023 Backslash. 28 HaArba'a St., Tel-Aviv Privacy Policy | Terms of Use