CWE-496 | Assigning public data to a private array is equivalent to giving public access to the array. |
CWE-497 | The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does. |
CWE-498 | The code contains a class with sensitive data, but the class is cloneable. The data can then be accessed by cloning the class. |
CWE-499 | The code contains a class with sensitive data, but the class does not explicitly deny serialization. The data can be accessed by serializing the class through another class. |
CWE-5 | Information sent over a network can be compromised while in transit. An attacker may be able to read or modify the contents if the data are sent in plaintext or are weakly encrypted. |
CWE-50 | A software system that accepts path input in the form of multiple leading slashes ('//multiple/leading/slash') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
CWE-500 | An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways. |
CWE-501 | The product mixes trusted and untrusted data in the same data structure or structured message. |
CWE-502 | The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. |
CWE-506 | The application contains code that appears to be malicious in nature. |