Executar análise estática (SAST) na base de código à procura do padrão inseguro no fluxo de dados.
CWE-374 Base Rascunho
Passing Mutable Objects to an Untrusted Method
This vulnerability occurs when a function receives a direct reference to mutable data, such as an object or array, instead of a safe copy of that data.
Definição
What is CWE-374?
This vulnerability occurs when a function receives a direct reference to mutable data, such as an object or array, instead of a safe copy of that data.
When you pass a mutable object directly to a method—especially one from an external library or untrusted code—that method can alter or even delete the contents of your object. This breaks a fundamental assumption in your code: that the data you own remains under your control. The called function might change values, add unexpected elements, or clear the object entirely, leading to inconsistent states, crashes, or logic errors in your application.
To prevent this, you should create and pass a defensive copy (a clone or deep copy) of the mutable data before sending it to any code you don't fully control. This ensures the original data remains intact and valid, regardless of what the external method does. Always treat mutable data passed across trust boundaries as potentially hostile and isolate it through copying.
Impacto no mundo real
Real-world CVEs caused by CWE-374
Ainda não há referências CVE públicas associadas a este CWE no catálogo da MITRE.
Como os atacantes a exploram
Trajeto do atacante passo a passo
- 1
The following example demonstrates the weakness.
- 2
In this example, bar and baz will be passed by reference to doOtherStuff() which may change them.
- 3
In the following Java example, the BookStore class manages the sale of books in a bookstore, this class includes the member objects for the bookstore inventory and sales database manager classes. The BookStore class includes a method for updating the sales database and inventory when a book is sold. This method retrieves a Book object from the bookstore inventory object using the supplied ISBN number for the book class, then calls a method for the sales object to update the sales information and then calls a method for the inventory object to update inventory for the BookStore.
- 4
However, in this example the Book object that is retrieved and passed to the method of the sales object could have its contents modified by the method. This could cause unexpected results when the book object is sent to the method for the inventory object to update the inventory.
- 5
In the Java programming language arguments to methods are passed by value, however in the case of objects a reference to the object is passed by value to the method. When an object reference is passed as a method argument a copy of the object reference is made within the method and therefore both references point to the same object. This allows the contents of the object to be modified by the method that holds the copy of the object reference. [REF-374]
Exemplo de código vulnerável
Vulnerable C
The following example demonstrates the weakness.
private:
int foo;
complexType bar;
String baz;
otherClass externalClass;
public:
void doStuff() {
externalClass.doOtherStuff(foo, bar, baz)
} Exemplo de código seguro
Secure Java
To prevent the contents of the Book object from being modified, a copy of the Book object should be made before the method call to the sales object. In the following example a copy of the Book object is made using the clone() method and the copy of the Book object is passed to the method of the sales object. This will prevent any changes being made to the original Book object.
...
public void updateSalesAndInventoryForBookSold(String bookISBN) {
```
// Get book object from inventory using ISBN*
Book book = inventory.getBookWithISBN(bookISBN);
*// Create copy of book object to make sure contents are not changed*
Book bookSold = (Book) book.clone();
*// update sales information for book sold*
sales.updateSalesInformation(bookSold);
*// update inventory*
inventory.updateInventory(book);}
... What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Lista de verificação de prevenção
How to prevent CWE-374
- Implementation Pass in data which should not be altered as constant or immutable.
- Implementation Clone all mutable data before passing it into an external function . This is the preferred mitigation. This way, regardless of what changes are made to the data, a valid copy is retained for use by the class.
Sinais de deteção
How to detect CWE-374
Executar testes dinâmicos de segurança de aplicações (DAST) contra o endpoint em execução.
Monitorizar os registos em tempo de execução para traços de exceção invulgares, input malformado ou tentativas de contornar a autorização.
Revisão de código: sinalizar qualquer novo código que trate input desta superfície sem usar os ajudantes validados do framework.
O Plexicus deteta automaticamente o CWE-374 e abre um PR de correção em menos de 60 segundos.
O Codex Remedium analisa cada commit, identifica esta fraqueza exata e entrega um pull request pronto para revisão com o patch. Sem tickets. Sem transferências.
Perguntas frequentes O que é o CWE-374?
Qual a gravidade do CWE-374?
Que linguagens ou plataformas são afetadas pelo CWE-374?
Como posso prevenir o CWE-374?
Como é que o Plexicus deteta e corrige o CWE-374?
Onde posso saber mais sobre o CWE-374?
Frequently asked questions
O que é o CWE-374?
This vulnerability occurs when a function receives a direct reference to mutable data, such as an object or array, instead of a safe copy of that data.
Qual a gravidade do CWE-374?
A MITRE classifica a probabilidade de exploração como Média — a exploração é realista mas normalmente requer condições específicas.
Que linguagens ou plataformas são afetadas pelo CWE-374?
MITRE lists the following affected platforms: C, C++, Java, C#.
Como posso prevenir o CWE-374?
Pass in data which should not be altered as constant or immutable. Clone all mutable data before passing it into an external function . This is the preferred mitigation. This way, regardless of what changes are made to the data, a valid copy is retained for use by the class.
Como é que o Plexicus deteta e corrige o CWE-374?
O motor SAST do Plexicus correlaciona a assinatura de fluxo de dados do CWE-374 em cada commit. Quando é encontrada uma correspondência, o nosso agente Codex Remedium abre um PR de correção com o código corrigido, testes e um resumo de uma linha para o revisor.
Onde posso saber mais sobre o CWE-374?
A MITRE publica a definição canónica em https://cwe.mitre.org/data/definitions/374.html. Pode também consultar a documentação da OWASP e do NIST para orientações adjacentes.
Fraquezas relacionadas
Weaknesses related to CWE-374
CWE-668 Pai
Exposure of Resource to Wrong Sphere
This vulnerability occurs when an application unintentionally makes a resource accessible to users or systems that should not have…
CWE-1189 Irmão
Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
This vulnerability occurs when a System-on-a-Chip (SoC) fails to properly separate shared hardware resources between secure (trusted) and…
CWE-1282 Irmão
Assumed-Immutable Data is Stored in Writable Memory
This vulnerability occurs when data that should be permanent and unchangeable—like a bootloader, device IDs, or one-time configuration…
CWE-1327 Irmão
Binding to an Unrestricted IP Address
This vulnerability occurs when software or a service is configured to bind to the IP address 0.0.0.0 (or :: in IPv6), which acts as a…
CWE-1331 Irmão
Improper Isolation of Shared Resources in Network On Chip (NoC)
This vulnerability occurs when a Network on Chip (NoC) fails to properly separate its internal, shared resources—like buffers, switches,…
CWE-134 Irmão
Use of Externally-Controlled Format String
This vulnerability occurs when a program uses a format string from an untrusted, external source (like user input, a network packet, or a…
CWE-200 Irmão
Exposure of Sensitive Information to an Unauthorized Actor
This weakness occurs when an application unintentionally reveals sensitive data to someone who shouldn't have access to it.
CWE-375 Irmão
Returning a Mutable Object to an Untrusted Caller
This vulnerability occurs when a method directly returns a reference to its internal mutable data, allowing untrusted calling code to…
CWE-377 Irmão
Insecure Temporary File
This vulnerability occurs when an application creates temporary files with insecure permissions or in predictable locations, allowing…
Recursos
Further reading
- MITRE — CWE-374 oficial https://cwe.mitre.org/data/definitions/374.html
- The CLASP Application Security Process https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf
- Does Java pass by reference or pass by value? https://web.archive.org/web/20000619025001/https://www.javaworld.com/javaworld/javaqa/2000-05/03-qa-0526-pass.html
Pronto quando você estiver
Pare de pagar por desenvolvedor.
Comece a fechar o ciclo.
O Plexicus é o ASPM nativo de IA que verifica, filtra, corrige, pentesta e explica — de forma autónoma. Programadores ilimitados, repos ilimitados, ações de IA de utilização justa. Nível gratuito real, €269/mo anual quando estiver pronto.