CWE-487 - Reliance on Package-level Scope
- Abstraction: Base
- Structure: Simple
- Status: Incomplete
- Published: 2006-07-19
- Updated: 2025-12-11
Name
Reliance on Package-level Scope
Description
Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.
The purpose of package scope is to prevent accidental access by other parts of a program. This is an ease-of-software-development feature but not a security feature.
Common Consequences
Scope: Confidentiality
Impact: Read Application Data
Note: Any data in a Java package can be accessed outside of the Java framework if the package is distributed.
Scope: Integrity
Impact: Modify Application Data
Note: The data in a Java class can be modified by anyone outside of the Java framework if the package is distributed.
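
The following is an added example, not part of the CWE entry. It illustrates the description and the two consequences above by placing a class that relies on package-private fields next to a hardened form with private state. The package name, class names and token value are constructed; `PackageScopeDemo` stands in for a class from another JAR that declares the same package.

```java
// Added illustration; all names and values are constructed.
package com.example.billing; // hypothetical package name

import java.util.ArrayList;
import java.util.List;

// Stands in for a class from a different JAR that declares the same package.
// On the classpath, an unsealed package can gain such a member.
public class PackageScopeDemo {
    public static void main(String[] args) {
        WeakLedger weak = new WeakLedger();
        weak.entries.add("invoice-1");
        System.out.println("read token: " + weak.apiToken); // confidentiality
        weak.entries.clear();                                // integrity
        System.out.println("weak entries left: " + weak.entries.size());

        HardenedLedger hard = new HardenedLedger();
        hard.record("invoice-1");
        try {
            hard.view().clear(); // the returned copy is unmodifiable
        } catch (UnsupportedOperationException e) {
            System.out.println("hardened entries left: " + hard.view().size());
        }
    }
}

// Weak: default (package-private) access is the only guard on this state.
class WeakLedger {
    List<String> entries = new ArrayList<>();
    String apiToken = "constructed-token";
}

// Hardened: state is private and final; access goes through validated methods.
final class HardenedLedger {
    private final List<String> entries = new ArrayList<>();

    public void record(String entry) {
        if (entry == null || entry.isBlank()) {
            throw new IllegalArgumentException("empty entry");
        }
        entries.add(entry);
    }

    public List<String> view() {
        return List.copyOf(entries); // unmodifiable snapshot
    }
}
```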