CWE-495
Private Data Structure Returned From A Public Method
The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in unexpected ways.
Mitigation
Phase: Implementation
Description:
- Declare the method private.
Mitigation
Phase: Implementation
Description:
- Clone the member data and keep an unmodified version of the data private to the object.
Mitigation
Phase: Implementation
Description:
- Use public setter methods that govern how a private member can be modified.
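The weakness and the clone and setter mitigations above, as an added C++ example that is not part of the original entry; the class names, the admin list and the user names are constructed for illustration.

```cpp
#include <algorithm>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

using Names = std::vector<std::string>;
static bool contains(const Names& v, const std::string& u) {
    return std::find(v.begin(), v.end(), u) != v.end();
}

// Weak form: the public accessor returns a mutable reference to private state.
class LeakyAcl {
    Names admins_{"alice"};  // constructed sample data
public:
    Names& admins() { return admins_; }
    bool isAdmin(const std::string& u) const { return contains(admins_, u); }
};

// Hardened form: the accessor returns a copy, and changes go through a setter
// that decides how the private member may be modified.
class GuardedAcl {
    Names admins_{"alice"};  // constructed sample data
public:
    Names admins() const { return admins_; }  // clone, original stays private
    bool isAdmin(const std::string& u) const { return contains(admins_, u); }
    void addAdmin(const std::string& caller, const std::string& user) {
        if (!isAdmin(caller)) throw std::runtime_error("caller is not an admin");
        if (!isAdmin(user)) admins_.push_back(user);
    }
};

// True when a write through the accessor altered the object's private list.
bool leakyStateChanged() {
    LeakyAcl acl;
    acl.admins().push_back("mallory");
    return acl.isAdmin("mallory");
}
bool guardedStateChanged() {
    GuardedAcl acl;
    Names copy = acl.admins();
    copy.push_back("mallory");  // only the caller's copy changes
    return acl.isAdmin("mallory");
}
// True when the setter refuses an unauthorized caller and state is unchanged.
bool setterRejectsNonAdmin() {
    GuardedAcl acl;
    try { acl.addAdmin("mallory", "mallory"); }
    catch (const std::runtime_error&) { return !acl.isAdmin("mallory"); }
    return false;
}
int main() {
    std::cout << leakyStateChanged() << guardedStateChanged()
              << setterRejectsNonAdmin() << "\n";
}
```

In C++, returning `const Names&` also blocks modification without the cost of a copy, but the caller's reference then tracks later changes to the private member.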
No CAPEC attack patterns related to this CWE.