CWE-491
Public cloneable() Method Without Final ('Object Hijack')
Variant
Draft
Description
A class that implements java.lang.Cloneable exposes a public clone() method that is not declared final (the CWE name renders the method as "cloneable()"). Object.clone() produces a copy without running any constructor, so invariants that are enforced only in the constructor are not re-checked on the copy. Because the method can be overridden, a subclass supplied by an attacker can intercept the copy, keep a reference to it, or return a different object entirely. A caller that relies on clone() for a private defensive copy may therefore end up holding an object in an unexpected state, or one the attacker can still reach and modify.
Parent Weaknesses (ChildOf)
Common Consequences
Scope: Integrity. Impact: Unexpected State.
Scope: Other. Impact: Varies by Context.
Potential Mitigations
Implementation
Declare the clone() method final so that subclasses cannot override it. If the class does not need to be copied at all, do not implement Cloneable, or override clone() to throw CloneNotSupportedException so that no copy that bypasses the constructor can be created.
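The following Java program is an added example, not code from CWE or from any referenced project, illustrating both the weakness described above and the mitigation. The class names (Account, HijackedAccount, SafeAccount, ObjectHijackDemo) and the banking scenario are assumptions chosen for the demonstration. The victim code takes what it believes is a private defensive copy via clone(); because clone() is overridable, an attacker-supplied subclass keeps a handle to that copy and later drives it into a state the constructor would have rejected. SafeAccount shows the same class with clone() declared final.

```java
import java.util.Objects;

// Vulnerable pattern (assumed example class): Cloneable with a public, non-final clone().
class Account implements Cloneable {
    protected final String owner;
    protected long balanceCents;

    Account(String owner, long balanceCents) {
        // This invariant lives only in the constructor; Object.clone() never runs it.
        if (balanceCents < 0) throw new IllegalArgumentException("negative balance");
        this.owner = Objects.requireNonNull(owner);
        this.balanceCents = balanceCents;
    }

    @Override
    public Account clone() {            // overridable: a subclass can hijack the copy
        try {
            return (Account) super.clone();
        } catch (CloneNotSupportedException e) {
            throw new AssertionError(e);
        }
    }

    long balanceCents() { return balanceCents; }
}

// Attacker-supplied subclass: records every "private" copy the victim makes.
class HijackedAccount extends Account {
    static Account lastClone;

    HijackedAccount(String owner, long balanceCents) { super(owner, balanceCents); }

    @Override
    public Account clone() {
        Account copy = super.clone();
        lastClone = copy;               // the defensive copy is no longer private
        return copy;
    }

    // Later, the attacker pushes the victim's copy into an invalid state.
    static void tamper(long newBalance) {
        lastClone.balanceCents = newBalance;   // constructor check is bypassed
    }
}

// Hardened pattern: clone() is final, so a subclass cannot override it (compile error).
class SafeAccount implements Cloneable {
    private final String owner;
    private long balanceCents;

    SafeAccount(String owner, long balanceCents) {
        if (balanceCents < 0) throw new IllegalArgumentException("negative balance");
        this.owner = Objects.requireNonNull(owner);
        this.balanceCents = balanceCents;
    }

    @Override
    public final SafeAccount clone() {
        try {
            return (SafeAccount) super.clone();
        } catch (CloneNotSupportedException e) {
            throw new AssertionError(e);
        }
    }

    long balanceCents() { return balanceCents; }
}

public class ObjectHijackDemo {
    // Victim code: validates the input, keeps a defensive copy, then trusts that copy.
    static Account acceptDeposit(Account untrusted) {
        Account copy = untrusted.clone();        // intended to be private to the victim
        if (copy.balanceCents() < 0) throw new IllegalStateException("rejected");
        return copy;                             // stored as trusted state
    }

    public static void main(String[] args) {
        Account trusted = acceptDeposit(new HijackedAccount("mallory", 100));
        HijackedAccount.tamper(-1_000_000);      // attacker still holds the copy
        System.out.println("trusted balance after hijack: " + trusted.balanceCents());

        // With clone() final there is no override point; the copy stays private.
        SafeAccount safe = new SafeAccount("alice", 100);
        System.out.println("safe copy balance: " + safe.clone().balanceCents());
    }
}
```

Compile and run with `javac ObjectHijackDemo.java && java ObjectHijackDemo`. The first line printed shows the negative balance the victim now trusts even though acceptDeposit() checked it; the validation ran against a copy the attacker can still mutate. Declaring clone() final closes the override point, but note that it does not by itself re-run constructor invariants on the copy: if a sensitive class has no business being copied, not implementing Cloneable (or throwing CloneNotSupportedException from clone()) is the stronger fix.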
Applicable Platforms
Java