CWE-582: Array Declared Public, Final, and Static

VariantDraft

The product declares an array public, final, and static, which is not sufficient to prevent the array's contents from being modified.

View on MITRE

Back to CWE Lookup

Extended Description

Because arrays are mutable objects, the final constraint requires that the array object itself be assigned only once, but makes no guarantees about the values of the array elements. Since the array is public, a malicious program can change the values stored in the array. As such, in most cases an array declared public, final and static is a bug.

Technical Details

Structure: Simple

Applicable To

Languages

Java

Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-582

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references