CWE-375
Returning a Mutable Object to an Untrusted Caller
Sending non-cloned mutable data as a return value may result in that data being altered or deleted by the calling function.
Official CWE-375 definition at MITREImpactr finds and proves weaknesses like CWE-375 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist