CWE-1070 可序列化数据元素中包含不可序列化项的元素
Serializable Data Element Containing non-Serializable Item Elements
结构: Simple
Abstraction: Base
状态: Incomplete
被利用可能性: unkown
基本描述
The software contains a serializable, storable data element such as a field or member,
but the data element contains member elements that are not
serializable.
扩展描述
This issue can prevent the software from running reliably. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.
As examples, the serializable nature of a data element comes from a serializable SerializableAttribute attribute in .NET and the inheritance from the java.io.Serializable interface in Java.
相关缺陷
- cwe_Nature: ChildOf cwe_CWE_ID: 710 cwe_View_ID: 1000 cwe_Ordinal: Primary
常见的影响
范围 | 影响 | 注释 |
---|---|---|
Other | Reduce Reliability |
分类映射
映射的分类名 | ImNode ID | Fit | Mapped Node Name |
---|---|---|---|
OMG ASCRM | ASCRM-RLB-3 |
引用
文章来源于互联网:scap中文网
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论