CWE-572
Call to Thread run() instead of start()
Description
The product calls a thread's run() method instead of calling start(), which causes the code to run in the thread of the caller instead of the callee.
In most cases a direct call to a Thread object's run() method is a bug. The programmer intended to begin a new thread of control, but accidentally called run() instead of start(), so the run() method will execute in the caller's thread of control.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Quality Degradation, Varies by Context
Potential Mitigations
Use the start() method instead of the run() method.
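The difference is observable at runtime. The following is an added example, not part of the CWE entry; the class name `RunVersusStart` and the `Worker` helper are hypothetical. It puts the weak call beside the corrected one and records which thread executed the body, how long the caller was blocked, and the resulting `Thread` state.

```java
import java.util.concurrent.atomic.AtomicReference;

public class RunVersusStart {

    // Hypothetical worker that records which thread actually executed its body.
    static class Worker extends Thread {
        final AtomicReference<String> executedOn = new AtomicReference<>();

        Worker(String name) { super(name); }

        @Override
        public void run() {
            executedOn.set(Thread.currentThread().getName());
            try {
                Thread.sleep(200); // stands in for slow work
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        }
    }

    public static void main(String[] args) throws InterruptedException {
        String caller = Thread.currentThread().getName();

        // Weak form (CWE-572): run() is an ordinary method call. The body
        // executes on the caller's thread, the caller waits for it to finish,
        // and the Thread object is never started, so its state stays NEW.
        Worker bad = new Worker("worker-bad");
        long t0 = System.nanoTime();
        bad.run();
        long blockedMs = (System.nanoTime() - t0) / 1_000_000;
        System.out.printf("run():   caller=%s executedOn=%s callerBlockedMs=%d state=%s%n",
                caller, bad.executedOn.get(), blockedMs, bad.getState());

        // Corrected form: start() creates a new thread of control and returns
        // to the caller right away; join() waits only where the result is needed.
        Worker good = new Worker("worker-good");
        t0 = System.nanoTime();
        good.start();
        long returnedMs = (System.nanoTime() - t0) / 1_000_000;
        good.join();
        System.out.printf("start(): caller=%s executedOn=%s callerBlockedMs=%d state=%s%n",
                caller, good.executedOn.get(), returnedMs, good.getState());
    }
}
```

In review, a `Thread` that is constructed, has `run()` invoked on it, and never has `start()` called is the pattern to flag.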
Applicable Platforms