CWE-543: Use of Singleton Pattern Without Synchronization in a Multithreaded Context
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The product uses the singleton pattern when creating a resource within a multithreaded environment.
Extended Description
The use of a singleton pattern may not be thread-safe.
Common Consequences
Scope: Other, Integrity
Technical Impact: Other; Modify Application Data
Potential Mitigations
Phase: Architecture and Design
Description: Use the Thread-Specific Storage Pattern. See References.
Phase: Implementation
Description: Do not use member fields to store information in the Servlet. In multithreading environments, storing user data in Servlet member fields introduces a data access race condition.
Phase: Implementation
Description: Avoid using the double-checked locking pattern in language versions that cannot guarantee thread safety. This pattern may be used to avoid the overhead of a synchronized call, but in certain versions of Java (for example), this has been shown to be unsafe because it still introduces a race condition (CWE-209).
Effectiveness: Limited
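The race described above, next to one thread-safe alternative, as an added example that is not part of the CWE entry. The class names `UnsafeRegistry` and `SafeRegistry`, the counters, and the deliberately slow constructor are assumptions made for illustration; the hardened form uses the initialization-on-demand holder idiom.

```java
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicInteger;

public class SingletonRaceDemo {
    // Constructed counters: how many times each constructor actually ran.
    static final AtomicInteger unsafeBuilt = new AtomicInteger();
    static final AtomicInteger safeBuilt = new AtomicInteger();
    // Weak form: unsynchronized check-then-act on a shared static field.
    static final class UnsafeRegistry {
        private static UnsafeRegistry instance;
        private UnsafeRegistry() {
            unsafeBuilt.incrementAndGet();
            // Slow construction (assumed) widens the window so the race is easy to observe.
            try { Thread.sleep(20); } catch (InterruptedException e) { Thread.currentThread().interrupt(); }
        }
        static UnsafeRegistry get() {
            if (instance == null) instance = new UnsafeRegistry(); // several threads can see null
            return instance;
        }
    }

    // Hardened form: holder idiom. The JVM initializes Holder once, under its own lock, on first use.
    static final class SafeRegistry {
        private SafeRegistry() { safeBuilt.incrementAndGet(); }
        private static final class Holder { static final SafeRegistry INSTANCE = new SafeRegistry(); }
        static SafeRegistry get() { return Holder.INSTANCE; }
    }

    // Releases all threads at once so they call the accessor concurrently.
    static void race(Runnable accessor, int threads) throws InterruptedException {
        CountDownLatch start = new CountDownLatch(1);
        Thread[] pool = new Thread[threads];
        for (int i = 0; i < threads; i++) {
            pool[i] = new Thread(() -> {
                try { start.await(); } catch (InterruptedException e) { return; }
                accessor.run();
            });
            pool[i].start();
        }
        start.countDown();
        for (Thread t : pool) t.join();
    }

    public static void main(String[] args) throws InterruptedException {
        race(UnsafeRegistry::get, 8);
        race(SafeRegistry::get, 8);
        System.out.println("unsafe=" + unsafeBuilt.get() + " safe=" + safeBuilt.get());
    }
}
```

The unsafe count varies between runs and is usually greater than 1, meaning callers hold different "singleton" objects and state written to one is lost to the others; the holder count is always 1.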
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |
Applicable Platforms
Programming Languages
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name | Mapping Fit |
|---|---|---|---|
| The CERT Oracle Secure Coding Standard for Java (2011) | MSC07-J | Prevent multiple instantiations of singleton objects | - |
| Software Fault Patterns | SFP19 | Missing Lock | - |