CWE-487 - Reliance on Package-level Scope

  • Abstraction: Base
  • Structure: Simple
  • Status: Incomplete
  • Published: 2006-07-19
  • Updated: 2025-12-11

Name

Reliance on Package-level Scope

Description

Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.

The purpose of package scope is to prevent accidental access by other parts of a program. This is an ease-of-software-development feature but not a security feature.
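The description above, as an added example (not part of the CWE entry): a class that merely declares the same package name can write a package-scoped field directly, while a private field forces every change through a validated method. The package, class and field names are hypothetical.

```java
// Constructed example; run with `java PackageScopeDemo.java` (Java 11+).
package com.example.billing; // hypothetical package name

// Stands in for code written by someone else: declaring the same package
// name is all it takes to be "inside" the package.
public class PackageScopeDemo {
    public static void main(String[] args) {
        WeakAccount weak = new WeakAccount();
        weak.balanceCents = -1_000_000;      // compiles: no check can intervene
        System.out.println("weak balance:     " + weak.balanceCents);

        HardenedAccount hard = new HardenedAccount(5_000);
        // hard.balanceCents = -1_000_000;   // does not compile: field is private
        try {
            hard.withdraw(1_000_000);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected:         " + e.getMessage());
        }
        System.out.println("hardened balance: " + hard.getBalanceCents());
    }
}

// Weak: relies on package scope (no modifier) to "protect" the field.
class WeakAccount {
    long balanceCents = 5_000;
}

// Hardened: state is private and every change passes a validated method.
final class HardenedAccount {
    private long balanceCents;

    HardenedAccount(long openingCents) {
        if (openingCents < 0)
            throw new IllegalArgumentException("negative opening balance");
        this.balanceCents = openingCents;
    }

    long getBalanceCents() { return balanceCents; }

    void withdraw(long cents) {
        if (cents <= 0 || cents > balanceCents)
            throw new IllegalArgumentException("invalid withdrawal: " + cents);
        balanceCents -= cents;
    }
}
```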

Common Consequences

Scope: Confidentiality

Impact: Read Application Data

Note: Any data in a Java package can be accessed outside of the Java framework if the package is distributed.

Scope: Integrity

Impact: Modify Application Data

Note: The data in a Java class can be modified by anyone outside of the Java framework if the package is distributed.

Related CWEs