CWE-491 4 個 CVE MITRE 定義 ↗

CWE-491:Public cloneable() Method Without Final ('Object Hijack')

概覽

CWE-491(Public cloneable() Method Without Final ('Object Hijack'))描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

A class has a cloneable() method that is not declared final, which allows an object to be created without calling the constructor. This can cause the object to be in an unexpected state.

適用平台

類型 名稱 普遍性 OS / CPE
language Java Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2025-63685 2025-11-20 Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the insecure loading of system libraries. Specifically, the application does not validate the path or signatu…
CVE-2025-60425 2025-10-27 Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attac…
CVE-2025-55622 2025-08-22 Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings. NOTE: this is disputed by the Supplier because it is intentional behavio…
CVE-2024-39069 2024-07-09 An issue in ifood Order Manager v3.35.5 'Gestor de Peddios.exe' allows attackers to execute arbitrary code via a DLL hijacking attack.

曾用名

  • Mobile Code: Object Hijack (2008-04-11)
  • Public cloneable() Method Without Final (aka 'Object Hijack') (2009-05-27)

內容提交

名稱
7 Pernicious Kingdoms
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Sean Eidemiller 1.0 added/updated demonstrative examples
2008-07-01 Eric Dalci 1.0 updated References, Demonstrative_Example, Potential_Mitigations, Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Relationships, References, Taxonomy_Mappings
2009-05-27 CWE Content Team 1.4 updated Name
2009-07-27 CWE Content Team 1.5 updated Demonstrative_Examples
2011-06-01 CWE Content Team 1.13 updated Common_Consequences, Relationships, Taxonomy_Mappings
2011-06-27 CWE Content Team 2.0 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Relationships, Taxonomy_Mappings
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2019-01-03 CWE Content Team 3.2 updated Relationships, Taxonomy_Mappings
2020-02-24 CWE Content Team 4.0 updated References, Relationships
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Detection_Factors, Weakness_Ordinalities
cvelogic Threat Intelligence