Making defensive copies of mutable method parameters mitigates a variety of security vulnerabilities; see OBJ06-J. Defensively copy mutable inputs and mutable internal components for additional information. However, inappropriate use of the clone() method can allow an attacker to exploit vulnerabilities by providing arguments that appear normal during initial validation but subsequently return unexpected values. Such objects may consequently bypass validation and security checks.
Never use the clone() method of nonfinal classes to make defensive copies. When an instance of a nonfinal class is passed as an argument to a method, treat the argument as untrusted and do not call the clone() method provided by the argument's (possibly attacker-supplied) runtime class; instead, construct a new instance of the known, trusted type from the argument's state.
This guideline is a specific instance of OBJ58-JG. Do not rely on overridden methods provided by untrusted code.
...
This compliant solution avoids using the clone() method. Instead, it creates a new java.util.Date object that is subsequently used for access control checks and for insertion into the database:
...
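The following is an added, self-contained illustration of the attack the guideline describes and of the compliant copy; it is not the code from this page. It assumes a hypothetical attacker-supplied subclass of java.util.Date (MaliciousDate) whose clone() returns the same object and whose getTime() alternates between an acceptable and an unacceptable value, a constructed validation rule that rejects negative timestamps, and an in-memory stand-in for the database insert.

```java
import java.util.Date;

public class CloneCopyDemo {

    // Constructed sample values (assumption, not from the guideline).
    static final long VALID_TIME = 1_000_000L;
    static final long INVALID_TIME = -1L;

    // Hypothetical attacker-controlled subclass of the nonfinal java.util.Date.
    // clone() hands back the very same object, and getTime() reports a valid
    // value on odd-numbered calls (the validation call) and an invalid one on
    // even-numbered calls (the call that reads the value to be stored).
    static class MaliciousDate extends Date {
        private int calls = 0;

        MaliciousDate() { super(VALID_TIME); }

        @Override
        public Object clone() {
            return this;                       // no copy at all
        }

        @Override
        public long getTime() {
            calls++;
            return (calls % 2 == 1) ? VALID_TIME : INVALID_TIME;
        }
    }

    // Stand-in for the guideline's validation step: reject negative timestamps.
    static void validateValue(long time) {
        if (time < 0) {
            throw new IllegalArgumentException("invalid time: " + time);
        }
    }

    // Noncompliant: the "copy" is whatever the untrusted clone() returns, so the
    // value that was validated need not be the value that is stored.
    static long storeNoncompliant(Date date) {
        Date copy = (Date) date.clone();
        validateValue(copy.getTime());         // sees VALID_TIME, passes
        return copy.getTime();                 // stand-in for the DB insert: INVALID_TIME
    }

    // Compliant: build a genuine java.util.Date from the argument's state.
    // getTime() is consulted exactly once, and the resulting object has no
    // attacker-controlled methods, so the validated value is the stored value.
    static long storeCompliant(Date date) {
        Date copy = new Date(date.getTime());
        validateValue(copy.getTime());
        return copy.getTime();                 // stand-in for the DB insert
    }

    public static void main(String[] args) {
        long leaked = storeNoncompliant(new MaliciousDate());
        System.out.println("noncompliant stored: " + leaked);     // -1 despite validation

        long safe = storeCompliant(new MaliciousDate());
        System.out.println("compliant stored: " + safe);          // 1000000

        // If the attacker's object yields an invalid value on the single read,
        // the compliant code rejects it instead of storing it.
        MaliciousDate skewed = new MaliciousDate();
        skewed.getTime();                      // consume the first (valid) answer
        try {
            storeCompliant(skewed);
        } catch (IllegalArgumentException e) {
            System.out.println("compliant rejected: " + e.getMessage());
        }
    }
}
```

The compliant method still calls a method on the untrusted object (getTime()), so an attacker can influence which value is read; what they can no longer do is make the validated value differ from the stored one, because every subsequent check and use operates on a real java.util.Date the attacker cannot subclass into.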
Using the clone() method to copy untrusted arguments affords attackers the opportunity to bypass validation and security checks.
Bibliography
...