CWE-491: Public cloneable() Method Without Final ('Object Hijack')

VariantDraft

A class has a cloneable() method that is not declared final, which allows an object to be created without calling the constructor. This can cause the object to be in an unexpected state.

View on MITRE

Back to CWE Lookup

Technical Details

Structure: Simple

Applicable To

Languages

Java

Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-491

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references