CWE-543
Use of Singleton Pattern Without Synchronization in a Multithreaded Context
Description
The product uses the singleton pattern when creating a resource within a multithreaded environment.
The use of a singleton pattern may not be thread-safe.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Other, Modify Application Data
Potential Mitigations
Use the Thread-Specific Storage Pattern. See References.
Do not use member fields to store information in the Servlet. In multithreading environments, storing user data in Servlet member fields introduces a data access race condition.
Avoid using the double-checked locking pattern in language versions that cannot guarantee thread safety. This pattern may be used to avoid the overhead of a synchronized call, but in certain versions of Java (for example), this has been shown to be unsafe because it still introduces a race condition (CWE-209).
Applicable Platforms