Führe statische Analyse (SAST) auf der Codebasis aus und suche im Datenfluss nach dem unsicheren Muster.
CWE-374 Base Draft
Passing Mutable Objects to an Untrusted Method
This vulnerability occurs when a function receives a direct reference to mutable data, such as an object or array, instead of a safe copy of that data.
Definition
What is CWE-374?
This vulnerability occurs when a function receives a direct reference to mutable data, such as an object or array, instead of a safe copy of that data.
When you pass a mutable object directly to a method—especially one from an external library or untrusted code—that method can alter or even delete the contents of your object. This breaks a fundamental assumption in your code: that the data you own remains under your control. The called function might change values, add unexpected elements, or clear the object entirely, leading to inconsistent states, crashes, or logic errors in your application.
To prevent this, you should create and pass a defensive copy (a clone or deep copy) of the mutable data before sending it to any code you don't fully control. This ensures the original data remains intact and valid, regardless of what the external method does. Always treat mutable data passed across trust boundaries as potentially hostile and isolate it through copying.
Auswirkungen in der Praxis
Real-world CVEs caused by CWE-374
Bisher sind in MITREs Katalog keine öffentlichen CVE-Referenzen mit dieser CWE verknüpft.
Wie Angreifer es ausnutzen
Angreiferpfad Schritt für Schritt
- 1
The following example demonstrates the weakness.
- 2
In this example, bar and baz will be passed by reference to doOtherStuff() which may change them.
- 3
In the following Java example, the BookStore class manages the sale of books in a bookstore, this class includes the member objects for the bookstore inventory and sales database manager classes. The BookStore class includes a method for updating the sales database and inventory when a book is sold. This method retrieves a Book object from the bookstore inventory object using the supplied ISBN number for the book class, then calls a method for the sales object to update the sales information and then calls a method for the inventory object to update inventory for the BookStore.
- 4
However, in this example the Book object that is retrieved and passed to the method of the sales object could have its contents modified by the method. This could cause unexpected results when the book object is sent to the method for the inventory object to update the inventory.
- 5
In the Java programming language arguments to methods are passed by value, however in the case of objects a reference to the object is passed by value to the method. When an object reference is passed as a method argument a copy of the object reference is made within the method and therefore both references point to the same object. This allows the contents of the object to be modified by the method that holds the copy of the object reference. [REF-374]
Verwundbares Codebeispiel
Vulnerable C
The following example demonstrates the weakness.
private:
int foo;
complexType bar;
String baz;
otherClass externalClass;
public:
void doStuff() {
externalClass.doOtherStuff(foo, bar, baz)
} Sicheres Codebeispiel
Secure Java
To prevent the contents of the Book object from being modified, a copy of the Book object should be made before the method call to the sales object. In the following example a copy of the Book object is made using the clone() method and the copy of the Book object is passed to the method of the sales object. This will prevent any changes being made to the original Book object.
...
public void updateSalesAndInventoryForBookSold(String bookISBN) {
```
// Get book object from inventory using ISBN*
Book book = inventory.getBookWithISBN(bookISBN);
*// Create copy of book object to make sure contents are not changed*
Book bookSold = (Book) book.clone();
*// update sales information for book sold*
sales.updateSalesInformation(bookSold);
*// update inventory*
inventory.updateInventory(book);}
... What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Präventions-Checkliste
How to prevent CWE-374
- Implementation Pass in data which should not be altered as constant or immutable.
- Implementation Clone all mutable data before passing it into an external function . This is the preferred mitigation. This way, regardless of what changes are made to the data, a valid copy is retained for use by the class.
Erkennungssignale
How to detect CWE-374
Führe dynamische Application-Security-Tests gegen den Live-Endpoint aus.
Beobachte Runtime-Logs auf ungewöhnliche Exception-Traces, fehlerhafte Eingaben oder Versuche, Autorisierung zu umgehen.
Code Review: Markiere jeden neuen Code, der Eingaben von dieser Oberfläche ohne validierte Framework-Helper verarbeitet.
Plexicus erkennt CWE-374 automatisch und öffnet in unter 60 Sekunden einen Fix-PR.
Codex Remedium scannt jeden Commit, identifiziert genau diese Schwachstelle und liefert einen reviewer-ready Pull Request mit dem Patch. Keine Tickets. Keine Hand-offs.
Häufig gestellte Fragen Was ist CWE-374?
Wie gravierend ist CWE-374?
Welche Sprachen oder Plattformen sind von CWE-374 betroffen?
Wie kann ich CWE-374 verhindern?
Wie erkennt und behebt Plexicus CWE-374?
Wo erfahre ich mehr über CWE-374?
Frequently asked questions
Was ist CWE-374?
This vulnerability occurs when a function receives a direct reference to mutable data, such as an object or array, instead of a safe copy of that data.
Wie gravierend ist CWE-374?
MITRE stuft die Exploit-Wahrscheinlichkeit als mittel ein — eine Ausnutzung ist realistisch, erfordert aber meist bestimmte Bedingungen.
Welche Sprachen oder Plattformen sind von CWE-374 betroffen?
MITRE lists the following affected platforms: C, C++, Java, C#.
Wie kann ich CWE-374 verhindern?
Pass in data which should not be altered as constant or immutable. Clone all mutable data before passing it into an external function . This is the preferred mitigation. This way, regardless of what changes are made to the data, a valid copy is retained for use by the class.
Wie erkennt und behebt Plexicus CWE-374?
Die SAST-Engine von Plexicus erkennt die Datenfluss-Signatur von CWE-374 bei jedem Commit. Bei einem Treffer öffnet unser Codex-Remedium-Agent einen Fix-PR mit korrigiertem Code, Tests und einer einzeiligen Zusammenfassung für den Reviewer.
Wo erfahre ich mehr über CWE-374?
MITRE veröffentlicht die kanonische Definition unter https://cwe.mitre.org/data/definitions/374.html. Für ergänzende Hinweise kannst du auch die OWASP- und NIST-Dokumentation heranziehen.
Verwandte Schwachstellen
Weaknesses related to CWE-374
CWE-668 Parent
Exposure of Resource to Wrong Sphere
This vulnerability occurs when an application unintentionally makes a resource accessible to users or systems that should not have…
CWE-1189 Sibling
Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
This vulnerability occurs when a System-on-a-Chip (SoC) fails to properly separate shared hardware resources between secure (trusted) and…
CWE-1282 Sibling
Assumed-Immutable Data is Stored in Writable Memory
This vulnerability occurs when data that should be permanent and unchangeable—like a bootloader, device IDs, or one-time configuration…
CWE-1327 Sibling
Binding to an Unrestricted IP Address
This vulnerability occurs when software or a service is configured to bind to the IP address 0.0.0.0 (or :: in IPv6), which acts as a…
CWE-1331 Sibling
Improper Isolation of Shared Resources in Network On Chip (NoC)
This vulnerability occurs when a Network on Chip (NoC) fails to properly separate its internal, shared resources—like buffers, switches,…
CWE-134 Sibling
Use of Externally-Controlled Format String
This vulnerability occurs when a program uses a format string from an untrusted, external source (like user input, a network packet, or a…
CWE-200 Sibling
Exposure of Sensitive Information to an Unauthorized Actor
This weakness occurs when an application unintentionally reveals sensitive data to someone who shouldn't have access to it.
CWE-375 Sibling
Returning a Mutable Object to an Untrusted Caller
This vulnerability occurs when a method directly returns a reference to its internal mutable data, allowing untrusted calling code to…
CWE-377 Sibling
Insecure Temporary File
This vulnerability occurs when an application creates temporary files with insecure permissions or in predictable locations, allowing…
Ressourcen
Further reading
- MITRE — offizielle CWE-374 https://cwe.mitre.org/data/definitions/374.html
- The CLASP Application Security Process https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf
- Does Java pass by reference or pass by value? https://web.archive.org/web/20000619025001/https://www.javaworld.com/javaworld/javaqa/2000-05/03-qa-0526-pass.html
Bereit, wenn du es bist
Schluss mit dem Bezahlen pro Entwickler.
Schließ den Kreislauf.
Plexicus ist die KI-native ASPM, die scannt, filtert, fixt, pentestet und erklärt — autonom. Unbegrenzte Entwickler, unbegrenzte Repos, Fair-Use-KI-Aktionen. Echter kostenloser Tarif, €269/mo jährlich, wenn du bereit bist.