CWE-495 1 CVEs MITRE definition ↗

CWE-495: Private Data Structure Returned From A Public Method

Overview

CWE-495 (Private Data Structure Returned From A Public Method) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in unexpected ways.

Applicable platforms

Kind Name Class Prevalence OS / CPE
language Object-Oriented Undetermined
language C Undetermined
language C++ Undetermined
language Java Undetermined
language C# Undetermined

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE Published Summary
CVE-2025-29868 2025-04-01 Private Data Structure Returned From A Public Method vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.2. If a user uses an externally referenced image, when a user acces…

Previous names

  • Private Array-Typed Field Returned From A Public Method (2019-01-03)

Content submission

Name
7 Pernicious Kingdoms
Date
2006-07-19
Version
Draft 3

Content modifications

Date Name Version Importance Comment
2008-07-01 Sean Eidemiller 1.0 added/updated demonstrative examples
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-08-01 1.0 added/updated white box definitions
2008-09-08 CWE Content Team 1.0 updated Applicable_Platforms, Relationships, Taxonomy_Mappings
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Common_Consequences, Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-11-08 CWE Content Team 3.0 updated Relationships, White_Box_Definitions
2019-01-03 CWE Content Team 3.2 updated Common_Consequences, Demonstrative_Examples, Description, Name, Potential_Mitigations
2020-02-24 CWE Content Team 4.0 updated References, Relationships
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Weakness_Ordinalities
cvelogic Threat Intelligence