...
This rule is an instance of OBJ06-J. Defensively copy mutable inputs and mutable internal components. Whereas that rule applies to constructors, and other methods that take accept untrusted mutable parametersarguments, this rule applies the same principle to deserialized mutable fields.
...
This noncompliant code example lacks defensive copying of the fails to defensively copy the mutable Date object date, which is mutable. An attacker may might be able to create an instance of MutableSer whose date object contains a nefarious subclass of Date and whose methods can do the attacker's biddingperform actions specified by an attacker. Any code that depends on the immutability of the sub-object is vulnerable.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="645e4bb31e248f74-f2e1f827-401c4f1c-84668308-7f21e6de02da652a95c93a56"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="7865a1cbe55ab23a-2bf94462-48be48ca-ab2fbea7-1162c89801f6e1a67562b181"><ac:plain-text-body><![CDATA[ | [[Bloch 2008 | AA. Bibliography#Bloch 08]] | Item 76: "Write readObject methods defensively" | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="21ed5ee651c68718-e78ec6ef-4a1a41a0-9f5baea2-006103ffebe5f145763b8e29"><ac:plain-text-body><![CDATA[ | [[Sun 2006 | AA. Bibliography#Sun 06]] | "Serialization specification: A.6 Guarding Unshared Deserialized Objects" | ]]></ac:plain-text-body></ac:structured-macro> |
...