CWE-491

Public cloneable() Method Without Final ('Object Hijack')

A class has a cloneable() method that is not declared final, which allows an object to be created without calling the constructor. This can cause the object to be in an unexpected state.
Mitigation

Phase: Implementation

Description:

  • Make the cloneable() method final.
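
As an added illustration, not part of the CWE entry, here is a hypothetical Java class in the weak form beside the same class with the mitigation applied (class and field names are assumptions):

```java
import java.util.Objects;

// Added example for CWE-491; the classes are hypothetical.

// Weak form: clone() is public and not final, so any subclass can override
// it and hand back an object the constructor's checks never ran on.
class WeakAccount implements Cloneable {
    protected String owner;
    protected long balance;

    WeakAccount(String owner, long balance) {
        this.owner = Objects.requireNonNull(owner);
        if (balance < 0) throw new IllegalArgumentException("negative balance");
        this.balance = balance;
    }

    @Override
    public Object clone() throws CloneNotSupportedException {
        return super.clone();   // overridable: a subclass decides what is returned
    }
}

// Hardened form (the mitigation above): clone() is final, so no subclass can
// replace it, and the copy re-checks the invariants the constructor enforces.
class Account implements Cloneable {
    private final String owner;
    private final long balance;

    Account(String owner, long balance) {
        this.owner = Objects.requireNonNull(owner);
        if (balance < 0) throw new IllegalArgumentException("negative balance");
        this.balance = balance;
    }

    long balance() { return balance; }

    @Override
    public final Account clone() throws CloneNotSupportedException {
        Account copy = (Account) super.clone();
        // Object.clone() bypasses the constructor, so validate the copy anyway.
        if (copy.owner == null || copy.balance < 0)
            throw new IllegalStateException("clone violates invariants");
        return copy;
    }

    public static void main(String[] args) throws CloneNotSupportedException {
        Account copy = new Account("alice", 100).clone();
        System.out.println(copy.balance());   // 100; invariants intact
    }
}
```

Declaring `clone()` final makes an attempted override in a subclass a compile-time error rather than a runtime surprise.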

No CAPEC attack patterns related to this CWE.