CWE-491 – Public cloneable() Method Without Final (‘Object Hijack’)
Description: A class has a cloneable() method that is not declared final, which allows an object to be created without calling the constructor. This can...
CWE-49 – Path Equivalence: ‘filename/’ (Trailing Slash)
Description: A software system that accepts path input in the form of trailing slash ('filedir/') without appropriate validation can lead to ambiguous path resolution and...
CWE-489 – Active Debug Code
Description: The application is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information....
CWE-488 – Exposure of Data Element to Wrong Session
Description: The product does not sufficiently enforce boundaries between the states of different sessions, causing data to be provided to, or used by, the wrong...
CWE-487 – Reliance on Package-level Scope
Description: Java packages are not inherently closed; therefore, relying on them for code security is not a good practice. The purpose of package scope is...
CWE-486 – Comparison of Classes by Name
Description: The program compares classes by name, which can cause it to use the wrong class when multiple classes can have the same name. If...
CWE-484 – Omitted Break Statement in Switch
Description: The program omits a break statement within a switch or similar construct, causing code associated with multiple conditions to execute. This can cause problems...
CWE-483 – Incorrect Block Delimitation
Description: The code does not explicitly delimit a block that is intended to contain 2 or more statements, creating a logic error. In some languages,...
CWE-482 – Comparing instead of Assigning
Description: The code uses an operator for comparison when the intention was to perform an assignment. In many languages, the compare statement is very close...
CWE-481 – Assigning instead of Comparing
Description: The code uses an operator for assignment when the intention was to perform a comparison. In many languages the compare statement is very close...