CWE-495

Private Data Structure Returned From A Public Method

Variant
Draft

Description

The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in unexpected ways.

Common Consequences

Scope: Integrity
Impact: Modify Application Data

Potential Mitigations

Implementation: Declare the method private.

Implementation: Clone the member data and keep an unmodified version of the data private to the object.

Implementation: Use public setter methods that govern how a private member can be modified.
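
The weakness and the clone and setter mitigations side by side, as an added C++ example that is not part of the CWE entry. The class names LeakyAcl and SafeAcl, the add_admin setter and the sample user names are hypothetical and constructed for illustration.

```cpp
#include <algorithm>
#include <stdexcept>
#include <string>
#include <vector>

using Names = std::vector<std::string>;
static bool contains(const Names& v, const std::string& s) {
    return std::find(v.begin(), v.end(), s) != v.end();
}

// Hypothetical weak form: public accessor returns a mutable reference to private data.
class LeakyAcl {
    Names admins_{"alice"};  // constructed sample data
public:
    Names& admins() { return admins_; }
    bool is_admin(const std::string& u) const { return contains(admins_, u); }
};

// Hypothetical hardened form: accessor returns a clone; changes go through a checked setter.
class SafeAcl {
    Names admins_{"alice"};
public:
    Names admins() const { return admins_; }  // copy; the private original stays untouched
    bool is_admin(const std::string& u) const { return contains(admins_, u); }
    void add_admin(const std::string& requester, const std::string& user) {
        if (!is_admin(requester)) throw std::invalid_argument("requester is not an admin");
        if (user.empty() || is_admin(user)) throw std::invalid_argument("bad user name");
        admins_.push_back(user);
    }
};

bool leaky_state_changed() {
    LeakyAcl acl;
    acl.admins().push_back("mallory");  // caller edits private state, bypassing any check
    return acl.is_admin("mallory");
}
bool safe_state_unchanged() {
    SafeAcl acl;
    Names copy = acl.admins();
    copy.push_back("mallory");  // only the caller's copy changes
    return !acl.is_admin("mallory") && acl.admins().size() == 1;
}
bool setter_enforces_rule() {
    SafeAcl acl;
    bool rejected = false;
    try { acl.add_admin("mallory", "mallory"); } catch (const std::invalid_argument&) { rejected = true; }
    acl.add_admin("alice", "bob");
    return rejected && acl.is_admin("bob") && !acl.is_admin("mallory");
}
int main() { return leaky_state_changed() && safe_state_unchanged() && setter_enforces_rule() ? 0 : 1; }
```

Returning `const Names&` instead of a copy also blocks modification through the accessor, but the caller then holds a view that changes whenever the object does.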

Applicable Platforms

Object-Oriented
C
C++
Java
C#
