DerScanner
Home / Vulnerability Database / Kotlin : Singleton not thread-safe
Kotlin

Kotlin : Singleton not thread-safe

Classification

OWASP Top 10 2013
A6-Sensitive Data Exposure
OWASP Top 10 2017
A3-Sensitive Data Exposure
OWASP Top 10 2021
A2-Cryptographic Failures
PCI DSS 4.0
6.2.4
HIPAA
§164.312 (d)
CWE
CWE-1032

Overview

Used class is a singleton. In a multithreaded environment, this may lead to a compromise of data.

Singleton exists in a single copy, its fields are available to all users. As a result, a user can access the data of another user.

The Servlet class is a singleton. Its single instance is used to process all requests, some of which may act almost simultaneously from different threads. As a result, data relating to one user after saving into the Servlet class field become available to another user.

References

  1. OWASP Top 10 2017-A3-Sensitive Data Exposure
  2. OWASP Top 10 2013-A6-Sensitive Data Exposure
  3. Servlet API Documentation - docs.oracle.com
  4. CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
MEDIUM

DerScanner Severity Score

Do you want to fix Kotlin : Singleton not thread-safe in your application?

See also

Kotlin

Kotlin : Missing required cryptographic step

Kotlin

Kotlin : Logging into system output

Kotlin

Kotlin : Call of notify() in synchronized block