mutated × shared — the answer changes between runs

Concurrent Singleton Mutation

One shared object with mutable per-call state, hit by many threads, lets one request's data bleed into another's.

01the recipe

In the wild

compound ofthis MutationCWE-471 MAID (Modification of Immutable Data)Cross-Boundary State ExposureCWE-567 Unsynchronized AccesscompoundCWE-488 Session Bleed

example.java

// SMELL: one shared instance with mutable state, used by every thread.
// (this mutation x cross-boundary state exposure)
static final SimpleDateFormat FMT = new SimpleDateFormat("yyyy-MM-dd");
String format(Date d) { return FMT.format(d); }   // mutates FMT's internal
                                                  // calendar fields on `this`

// two requests interleave inside format() -> one sees the other's date,
// or a garbled string. Never fails under a single-threaded test.

// RIGHT: don't share mutable state; use an immutable, thread-safe type.
String format(Date d) {
    return DateTimeFormatter.ISO_DATE.format(
        d.toInstant().atZone(ZoneOffset.UTC).toLocalDate());   // no `this` to corrupt
}

SimpleDateFormat mutates fields on `this` inside format(); a single shared instance hit by concurrent requests lets one thread's date bleed into another's output. The immutable DateTimeFormatter has no mutable receiver to race over.

// observed

shared: request A's output carries request B's date (sometimes)
right: immutable formatter -- safe to share across all threads

02weakness catalog

Mapped weaknesses (CWE)

On its own, this defect is catalogued by MITRE as one or more of these weaknesses. The exploitable vulnerability usually appears only when it chains or combines with another.