Exécuter une analyse statique (SAST) sur le code source à la recherche du motif non sécurisé dans le flux de données.
CWE-374 Base Brouillon
Passing Mutable Objects to an Untrusted Method
This vulnerability occurs when a function receives a direct reference to mutable data, such as an object or array, instead of a safe copy of that data.
Définition
What is CWE-374?
This vulnerability occurs when a function receives a direct reference to mutable data, such as an object or array, instead of a safe copy of that data.
When you pass a mutable object directly to a method—especially one from an external library or untrusted code—that method can alter or even delete the contents of your object. This breaks a fundamental assumption in your code: that the data you own remains under your control. The called function might change values, add unexpected elements, or clear the object entirely, leading to inconsistent states, crashes, or logic errors in your application.
To prevent this, you should create and pass a defensive copy (a clone or deep copy) of the mutable data before sending it to any code you don't fully control. This ensures the original data remains intact and valid, regardless of what the external method does. Always treat mutable data passed across trust boundaries as potentially hostile and isolate it through copying.
Impact réel
Real-world CVEs caused by CWE-374
Aucune référence CVE publique n'est liée à ce CWE dans le catalogue MITRE pour le moment.
Comment les attaquants l'exploitent
Parcours de l'attaquant étape par étape
- 1
The following example demonstrates the weakness.
- 2
In this example, bar and baz will be passed by reference to doOtherStuff() which may change them.
- 3
In the following Java example, the BookStore class manages the sale of books in a bookstore, this class includes the member objects for the bookstore inventory and sales database manager classes. The BookStore class includes a method for updating the sales database and inventory when a book is sold. This method retrieves a Book object from the bookstore inventory object using the supplied ISBN number for the book class, then calls a method for the sales object to update the sales information and then calls a method for the inventory object to update inventory for the BookStore.
- 4
However, in this example the Book object that is retrieved and passed to the method of the sales object could have its contents modified by the method. This could cause unexpected results when the book object is sent to the method for the inventory object to update the inventory.
- 5
In the Java programming language arguments to methods are passed by value, however in the case of objects a reference to the object is passed by value to the method. When an object reference is passed as a method argument a copy of the object reference is made within the method and therefore both references point to the same object. This allows the contents of the object to be modified by the method that holds the copy of the object reference. [REF-374]
Exemple de code vulnérable
Vulnerable C
The following example demonstrates the weakness.
private:
int foo;
complexType bar;
String baz;
otherClass externalClass;
public:
void doStuff() {
externalClass.doOtherStuff(foo, bar, baz)
} Exemple de code sécurisé
Secure Java
To prevent the contents of the Book object from being modified, a copy of the Book object should be made before the method call to the sales object. In the following example a copy of the Book object is made using the clone() method and the copy of the Book object is passed to the method of the sales object. This will prevent any changes being made to the original Book object.
...
public void updateSalesAndInventoryForBookSold(String bookISBN) {
```
// Get book object from inventory using ISBN*
Book book = inventory.getBookWithISBN(bookISBN);
*// Create copy of book object to make sure contents are not changed*
Book bookSold = (Book) book.clone();
*// update sales information for book sold*
sales.updateSalesInformation(bookSold);
*// update inventory*
inventory.updateInventory(book);}
... What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Liste de contrôle de prévention
How to prevent CWE-374
- Implementation Pass in data which should not be altered as constant or immutable.
- Implementation Clone all mutable data before passing it into an external function . This is the preferred mitigation. This way, regardless of what changes are made to the data, a valid copy is retained for use by the class.
Signaux de détection
How to detect CWE-374
Exécuter des tests de sécurité applicative dynamique (DAST) contre le point de terminaison en ligne.
Surveiller les journaux runtime pour détecter des traces d'exception inhabituelles, des entrées malformées ou des tentatives de contournement d'autorisation.
Revue de code : signaler tout nouveau code qui traite les entrées de cette surface sans utiliser les helpers du framework validés.
Plexicus détecte automatiquement CWE-374 et ouvre une PR de correction en moins de 60 secondes.
Codex Remedium analyse chaque commit, identifie cette faiblesse précise et livre une pull request prête à être relue avec le correctif. Pas de tickets. Pas de transferts.
Questions fréquentes Qu'est-ce que CWE-374 ?
Quelle est la gravité de CWE-374 ?
Quels langages ou plateformes sont affectés par CWE-374 ?
Comment puis-je prévenir CWE-374 ?
Comment Plexicus détecte et corrige CWE-374 ?
Où puis-je en savoir plus sur CWE-374 ?
Frequently asked questions
Qu'est-ce que CWE-374 ?
This vulnerability occurs when a function receives a direct reference to mutable data, such as an object or array, instead of a safe copy of that data.
Quelle est la gravité de CWE-374 ?
MITRE évalue la probabilité d'exploitation comme Moyenne — l'exploitation est réaliste mais nécessite généralement des conditions spécifiques.
Quels langages ou plateformes sont affectés par CWE-374 ?
MITRE lists the following affected platforms: C, C++, Java, C#.
Comment puis-je prévenir CWE-374 ?
Pass in data which should not be altered as constant or immutable. Clone all mutable data before passing it into an external function . This is the preferred mitigation. This way, regardless of what changes are made to the data, a valid copy is retained for use by the class.
Comment Plexicus détecte et corrige CWE-374 ?
Le moteur SAST de Plexicus reconnaît la signature de flux de données de CWE-374 à chaque commit. Lorsqu'une correspondance est trouvée, notre agent Codex Remedium ouvre une PR de correction avec le code corrigé, les tests et un résumé d'une ligne pour le relecteur.
Où puis-je en savoir plus sur CWE-374 ?
MITRE publie la définition canonique à https://cwe.mitre.org/data/definitions/374.html. Vous pouvez également consulter la documentation OWASP et NIST pour des conseils adjacents.
Faiblesses associées
Weaknesses related to CWE-374
CWE-668 Parent
Exposure of Resource to Wrong Sphere
This vulnerability occurs when an application unintentionally makes a resource accessible to users or systems that should not have…
CWE-1189 Frère
Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
This vulnerability occurs when a System-on-a-Chip (SoC) fails to properly separate shared hardware resources between secure (trusted) and…
CWE-1282 Frère
Assumed-Immutable Data is Stored in Writable Memory
This vulnerability occurs when data that should be permanent and unchangeable—like a bootloader, device IDs, or one-time configuration…
CWE-1327 Frère
Binding to an Unrestricted IP Address
This vulnerability occurs when software or a service is configured to bind to the IP address 0.0.0.0 (or :: in IPv6), which acts as a…
CWE-1331 Frère
Improper Isolation of Shared Resources in Network On Chip (NoC)
This vulnerability occurs when a Network on Chip (NoC) fails to properly separate its internal, shared resources—like buffers, switches,…
CWE-134 Frère
Use of Externally-Controlled Format String
This vulnerability occurs when a program uses a format string from an untrusted, external source (like user input, a network packet, or a…
CWE-200 Frère
Exposure of Sensitive Information to an Unauthorized Actor
This weakness occurs when an application unintentionally reveals sensitive data to someone who shouldn't have access to it.
CWE-375 Frère
Returning a Mutable Object to an Untrusted Caller
This vulnerability occurs when a method directly returns a reference to its internal mutable data, allowing untrusted calling code to…
CWE-377 Frère
Insecure Temporary File
This vulnerability occurs when an application creates temporary files with insecure permissions or in predictable locations, allowing…
Ressources
Further reading
- MITRE — CWE-374 officiel https://cwe.mitre.org/data/definitions/374.html
- The CLASP Application Security Process https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf
- Does Java pass by reference or pass by value? https://web.archive.org/web/20000619025001/https://www.javaworld.com/javaworld/javaqa/2000-05/03-qa-0526-pass.html
Prêt quand vous l'êtes
Arrêtez de payer par développeur.
Commencez à fermer la boucle.
Plexicus est l'ASPM natif IA qui scanne, filtre, corrige, penteste et explique — de façon autonome. Développeurs illimités, dépôts illimités, actions IA à usage équitable. Vrai niveau gratuit, €269/mo annuel quand vous êtes prêt.