Home / Vulnerability Database / Scala : Determining type via class name comparison

Scala

Scala : Determining type via class name comparison

Classification

CWE

Overview

The application determines the type of an object based on a class name. Undefined behavior and malicious code injection is possible.

An attacker can create a class of the same name with the malicious code, which will be executed by an application. The class name should not be used as an object type identifier.

References

CWE-486: Comparison of Classes by Name

LOW

Scala : Determining type via class name comparison

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Scala : Determining type via class name comparison in your application?

See also

Scala : Unreleased resource stream

Scala : Multiple loggers in same class

Scala : Insufficient encryption key length