DerScanner
Home / Vulnerability Database / Groovy : Public Cloneable method without final modifier ('Object Hijack')
Groovy

Groovy : Public Cloneable method without final modifier ('Object Hijack')

Classification

CWE
CWE-491

Overview

A class has a cloneable() method that is not declared final, which allows an object to be created without calling the constructor.

This can cause the object to be in an unexpected state.

References

  1. CWE-491: Object Hijack
  2. Owasp: Object Hijack
MEDIUM

DerScanner Severity Score

Do you want to fix Groovy : Public Cloneable method without final modifier ('Object Hijack') in your application?

See also

Groovy

Groovy : Weak hashing algorithm

Groovy

Groovy : Hardcoded salt

Groovy

Groovy : Unsafe padding