CWE-487—Reliance on Package-level Scope
PUBLISHEDweakness recordMedium
released 2006-07-19 · last modified 2025-12-11
Metadata
名称
Reliance on Package-level Scope
描述
Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.
The purpose of package scope is to prevent accidental access by other parts of a program. This is an ease-of-software-development feature but not a security feature.