CWE-1066 缺少序列化控件元素
Missing Serialization Control Element
结构: Simple
Abstraction: Base
状态: Incomplete
被利用可能性: unkown
基本描述
The software contains a serializable data element that does not have an associated serialization method.
扩展描述
This issue can prevent the software from running reliably, e.g. by triggering an exeption. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.
As examples, the serializable nature of a data element comes from a serializable SerializableAttribute attribute in .NET and the inheritance from the java.io.Serializable interface in Java.
相关缺陷
- cwe_Nature: ChildOf cwe_CWE_ID: 710 cwe_View_ID: 1000 cwe_Ordinal: Primary
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Other | Reduce Reliability |
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| OMG ASCRM | ASCRM-RLB-2 |