CWE-820: Missing Synchronization
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.
扩展描述
If access to a shared resource is not synchronized, then the resource may not be in a state that is expected by the product. This might lead to unexpected or insecure behaviors, especially if an attacker can influence the shared resource.
常见后果
影响范围: Integrity Confidentiality Other
技术影响: Modify Application Data Read Application Data Alter Execution Logic
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| The CERT Oracle Secure Coding Standard for Java (2011) | LCK05-J | Synchronize access to static fields that can be modified by untrusted code | - |