Ejecuta análisis estático (SAST) sobre el código buscando el patrón inseguro en el flujo de datos.
CWE-374 Base Borrador
Passing Mutable Objects to an Untrusted Method
This vulnerability occurs when a function receives a direct reference to mutable data, such as an object or array, instead of a safe copy of that data.
Definición
What is CWE-374?
This vulnerability occurs when a function receives a direct reference to mutable data, such as an object or array, instead of a safe copy of that data.
When you pass a mutable object directly to a method—especially one from an external library or untrusted code—that method can alter or even delete the contents of your object. This breaks a fundamental assumption in your code: that the data you own remains under your control. The called function might change values, add unexpected elements, or clear the object entirely, leading to inconsistent states, crashes, or logic errors in your application.
To prevent this, you should create and pass a defensive copy (a clone or deep copy) of the mutable data before sending it to any code you don't fully control. This ensures the original data remains intact and valid, regardless of what the external method does. Always treat mutable data passed across trust boundaries as potentially hostile and isolate it through copying.
Impacto en el mundo real
Real-world CVEs caused by CWE-374
Todavía no hay CVEs públicos enlazados a esta CWE en el catálogo de MITRE.
Cómo lo explotan los atacantes
Ruta del atacante paso a paso
- 1
The following example demonstrates the weakness.
- 2
In this example, bar and baz will be passed by reference to doOtherStuff() which may change them.
- 3
In the following Java example, the BookStore class manages the sale of books in a bookstore, this class includes the member objects for the bookstore inventory and sales database manager classes. The BookStore class includes a method for updating the sales database and inventory when a book is sold. This method retrieves a Book object from the bookstore inventory object using the supplied ISBN number for the book class, then calls a method for the sales object to update the sales information and then calls a method for the inventory object to update inventory for the BookStore.
- 4
However, in this example the Book object that is retrieved and passed to the method of the sales object could have its contents modified by the method. This could cause unexpected results when the book object is sent to the method for the inventory object to update the inventory.
- 5
In the Java programming language arguments to methods are passed by value, however in the case of objects a reference to the object is passed by value to the method. When an object reference is passed as a method argument a copy of the object reference is made within the method and therefore both references point to the same object. This allows the contents of the object to be modified by the method that holds the copy of the object reference. [REF-374]
Ejemplo de código vulnerable
Vulnerable C
The following example demonstrates the weakness.
private:
int foo;
complexType bar;
String baz;
otherClass externalClass;
public:
void doStuff() {
externalClass.doOtherStuff(foo, bar, baz)
} Ejemplo de código seguro
Secure Java
To prevent the contents of the Book object from being modified, a copy of the Book object should be made before the method call to the sales object. In the following example a copy of the Book object is made using the clone() method and the copy of the Book object is passed to the method of the sales object. This will prevent any changes being made to the original Book object.
...
public void updateSalesAndInventoryForBookSold(String bookISBN) {
```
// Get book object from inventory using ISBN*
Book book = inventory.getBookWithISBN(bookISBN);
*// Create copy of book object to make sure contents are not changed*
Book bookSold = (Book) book.clone();
*// update sales information for book sold*
sales.updateSalesInformation(bookSold);
*// update inventory*
inventory.updateInventory(book);}
... What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Lista de prevención
How to prevent CWE-374
- Implementation Pass in data which should not be altered as constant or immutable.
- Implementation Clone all mutable data before passing it into an external function . This is the preferred mitigation. This way, regardless of what changes are made to the data, a valid copy is retained for use by the class.
Señales de detección
How to detect CWE-374
Ejecuta pruebas dinámicas de seguridad de aplicaciones (DAST) contra el endpoint en vivo.
Vigila los logs en tiempo de ejecución para detectar trazas de excepción inusuales, entradas malformadas o intentos de bypass de autorización.
Revisión de código: marca cualquier código nuevo que maneje entrada desde esta superficie sin usar los helpers validados del framework.
Plexicus detecta automáticamente CWE-374 y abre un PR de corrección en menos de 60 segundos.
Codex Remedium escanea cada commit, identifica esta debilidad concreta y entrega un pull request listo para revisión con el parche. Sin tickets. Sin traspasos.
Preguntas frecuentes ¿Qué es CWE-374?
¿Qué gravedad tiene CWE-374?
¿Qué lenguajes o plataformas se ven afectados por CWE-374?
¿Cómo puedo prevenir CWE-374?
¿Cómo detecta y corrige Plexicus CWE-374?
¿Dónde puedo aprender más sobre CWE-374?
Frequently asked questions
¿Qué es CWE-374?
This vulnerability occurs when a function receives a direct reference to mutable data, such as an object or array, instead of a safe copy of that data.
¿Qué gravedad tiene CWE-374?
MITRE califica la probabilidad de explotación como Media — la explotación es realista pero suele requerir condiciones específicas.
¿Qué lenguajes o plataformas se ven afectados por CWE-374?
MITRE lists the following affected platforms: C, C++, Java, C#.
¿Cómo puedo prevenir CWE-374?
Pass in data which should not be altered as constant or immutable. Clone all mutable data before passing it into an external function . This is the preferred mitigation. This way, regardless of what changes are made to the data, a valid copy is retained for use by the class.
¿Cómo detecta y corrige Plexicus CWE-374?
El motor SAST de Plexicus detecta la firma de flujo de datos para CWE-374 en cada commit. Cuando hay coincidencia, nuestro agente Codex Remedium abre un PR de corrección con el código corregido, las pruebas y un resumen de una línea para el revisor.
¿Dónde puedo aprender más sobre CWE-374?
MITRE publica la definición canónica en https://cwe.mitre.org/data/definitions/374.html. También puedes consultar la documentación de OWASP y NIST para guías relacionadas.
Debilidades relacionadas
Weaknesses related to CWE-374
CWE-668 Padre
Exposure of Resource to Wrong Sphere
This vulnerability occurs when an application unintentionally makes a resource accessible to users or systems that should not have…
CWE-1189 Hermano
Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
This vulnerability occurs when a System-on-a-Chip (SoC) fails to properly separate shared hardware resources between secure (trusted) and…
CWE-1282 Hermano
Assumed-Immutable Data is Stored in Writable Memory
This vulnerability occurs when data that should be permanent and unchangeable—like a bootloader, device IDs, or one-time configuration…
CWE-1327 Hermano
Binding to an Unrestricted IP Address
This vulnerability occurs when software or a service is configured to bind to the IP address 0.0.0.0 (or :: in IPv6), which acts as a…
CWE-1331 Hermano
Improper Isolation of Shared Resources in Network On Chip (NoC)
This vulnerability occurs when a Network on Chip (NoC) fails to properly separate its internal, shared resources—like buffers, switches,…
CWE-134 Hermano
Use of Externally-Controlled Format String
This vulnerability occurs when a program uses a format string from an untrusted, external source (like user input, a network packet, or a…
CWE-200 Hermano
Exposure of Sensitive Information to an Unauthorized Actor
This weakness occurs when an application unintentionally reveals sensitive data to someone who shouldn't have access to it.
CWE-375 Hermano
Returning a Mutable Object to an Untrusted Caller
This vulnerability occurs when a method directly returns a reference to its internal mutable data, allowing untrusted calling code to…
CWE-377 Hermano
Insecure Temporary File
This vulnerability occurs when an application creates temporary files with insecure permissions or in predictable locations, allowing…
Recursos
Further reading
- MITRE — CWE-374 oficial https://cwe.mitre.org/data/definitions/374.html
- The CLASP Application Security Process https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf
- Does Java pass by reference or pass by value? https://web.archive.org/web/20000619025001/https://www.javaworld.com/javaworld/javaqa/2000-05/03-qa-0526-pass.html
Listo cuando tú lo estés
Deja de pagar por desarrollador.
Empieza a cerrar el bucle.
Plexicus es el ASPM nativo de IA que escanea, filtra, corrige, pentestea y explica — de forma autónoma. Desarrolladores ilimitados, repos ilimitados, acciones de IA de uso justo. Nivel gratuito real, €269/mo anual cuando estés listo.