DerScanner
Home / Vulnerability Database / Scala : Singleton not thread-safe
Scala

Scala : Singleton not thread-safe

Classification

OWASP Top 10 2013
A6-Sensitive Data Exposure
OWASP Top 10 2017
A3-Sensitive Data Exposure
OWASP Top 10 2021
A2-Cryptographic Failures
PCI DSS 4.0
6.2.4
HIPAA
§164.312 (d)
CWE
CWE-1032

Overview

Used class is a singleton. In a multithreaded environment, this may lead to a compromise of data.

Singleton exists in a single copy, its fields are available to all users. As a result, a user can access the data of another user.

The Servlet class is a singleton. Its single instance is used to process all requests, some of which may act almost simultaneously from different threads. As a result, data relating to one user after saving into the Servlet class field become available to another user.

References

  1. OWASP Top 10 2017-A3-Sensitive Data Exposure
  2. OWASP Top 10 2013-A6-Sensitive Data Exposure
  3. Servlet API Documentation - docs.oracle.com
  4. CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
MEDIUM

DerScanner Severity Score

Do you want to fix Scala : Singleton not thread-safe in your application?

See also

Scala

Scala : Unreleased resource stream

Scala

Scala : Multiple loggers in same class

Scala

Scala : Insufficient encryption key length