Java : Determining type via class name comparison
Classification
CWE
Overview
The application determines the type of an object by comparing its class name. Undefined behavior and malicious code injection are possible.
An attacker can create a class with the same name that contains malicious code, which the application will then execute. The class name should not be used as an object type identifier.
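The weak check next to a hardened one, as an added example that is not part of the original entry or of DerScanner's own material. The names `ClassNameCheckDemo` and `TrustedAction` are hypothetical, and the demo assumes it is compiled with `javac` and run from a class directory or JAR.

```java
import java.net.URL;
import java.net.URLClassLoader;

public class ClassNameCheckDemo {

    /** Stand-in for a type the application trusts (hypothetical name). */
    public static class TrustedAction {}

    // Weak: the type decision rests on a string that any class can carry.
    static boolean isTrustedByName(Object o) {
        return o.getClass().getName().equals(TrustedAction.class.getName());
    }

    // Hardened: compare Class objects. Class identity covers the defining
    // class loader as well as the name. Use instanceof if subclasses are allowed.
    static boolean isTrustedByIdentity(Object o) {
        return o.getClass() == TrustedAction.class;
    }

    // Constructed test input: defines a second, distinct class with the same
    // fully qualified name by loading it through an isolated class loader.
    // Assumes the code source location is available (not the source launcher).
    static Object sameNameDifferentClass() throws Exception {
        URL here = ClassNameCheckDemo.class.getProtectionDomain()
                .getCodeSource().getLocation();
        try (URLClassLoader isolated = new URLClassLoader(new URL[] {here}, null)) {
            Class<?> lookalike = isolated.loadClass(TrustedAction.class.getName());
            return lookalike.getDeclaredConstructor().newInstance();
        }
    }

    static void report(String label, Object o) {
        System.out.printf("%-10s name check: %-5b identity check: %b%n",
                label, isTrustedByName(o), isTrustedByIdentity(o));
    }

    public static void main(String[] args) throws Exception {
        // The genuine instance passes both checks; the lookalike passes only
        // the name comparison, which is the weakness described above.
        report("genuine", new TrustedAction());
        report("lookalike", sameNameDifferentClass());
    }
}
```

In a code review, a `getClass().getName()` or `getSimpleName()` result that feeds `equals` in a type or trust decision is the pattern to flag and replace with a `Class` comparison or `instanceof`.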
LOW
DerScanner Severity Score
