CWE-111

Direct Use of Unsafe JNI

When a Java application uses the Java Native Interface (JNI) to call code written in another programming language, it can expose the application to weaknesses in that code, even if those weaknesses cannot occur in Java.

Mitigation

Phase: Implementation

Description:

  • Implement error handling around the JNI call.

Mitigation

Phase: Implementation

Strategy: Refactoring

Description:

  • Do not use JNI calls if you don't trust the native library.

Mitigation

Phase: Implementation

Strategy: Refactoring

Description:

  • Be reluctant to use JNI calls. A Java API equivalent may exist.
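
The three mitigations above combined in one wrapper, as an added example that is not part of the CWE entry: arguments are validated in Java before crossing the JNI boundary, load and call failures are handled, and the standard `java.util.zip.CRC32` API serves as the Java equivalent. The library name `fastcrc`, the native method `nativeCrc32` and the `MAX_INPUT` limit are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.util.zip.CRC32;

public final class SafeChecksum {
    // Assumed upper bound on what the native routine can safely process.
    private static final int MAX_INPUT = 1 << 20;
    private static final boolean NATIVE_LOADED = loadNative();

    // Hypothetical native routine; Java's array bounds checks do not apply inside it.
    private static native long nativeCrc32(byte[] data, int offset, int length);

    private static boolean loadNative() {
        try {
            System.loadLibrary("fastcrc"); // hypothetical library name
            return true;
        } catch (UnsatisfiedLinkError | SecurityException e) {
            return false; // library missing or not permitted: use the Java API
        }
    }

    public static long crc32(byte[] data, int offset, int length) {
        // Validate in Java so the native code never sees an out-of-range request.
        if (data == null) throw new IllegalArgumentException("data is null");
        if (offset < 0 || length < 0 || length > data.length - offset)
            throw new IllegalArgumentException("range outside array");
        if (length > MAX_INPUT)
            throw new IllegalArgumentException("input too large");

        if (NATIVE_LOADED) {
            try {
                long v = nativeCrc32(data, offset, length);
                // Reject results that cannot be a 32-bit checksum.
                if (v >= 0 && v <= 0xFFFFFFFFL) return v;
            } catch (UnsatisfiedLinkError | RuntimeException e) {
                // Native call failed: fall through to the pure-Java path.
            }
        }
        CRC32 crc = new CRC32(); // Java API equivalent, no native code of our own
        crc.update(data, offset, length);
        return crc.getValue();
    }

    public static void main(String[] args) {
        byte[] sample = "123456789".getBytes(StandardCharsets.US_ASCII); // constructed input
        System.out.printf("%08x%n", crc32(sample, 0, sample.length));
    }
}
```

The `try`/`catch` only covers failures that surface as Java exceptions or link errors. Memory corruption inside the native code cannot be caught from Java, which is why the range checks run before the call and why an untrusted library should not be loaded at all.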

No CAPEC attack patterns related to this CWE.