Description
The product uses the wrong operator when comparing a string, such as using "==" when the .equals() method should be used instead.
Extended Description
In Java, using == or != to compare two strings for equality actually compares two objects for equality rather than their string values for equality. Chances are good that the two references will never be equal. While this weakness often only affects program correctness, if the equality is used for a security decision, the unintended comparison result could be leveraged to affect program security.
CVE vulnerabilities with CWE-597 (3)
9.8
CVSS
CRITICAL
CVE-2021-3797
pub. 2021-09-15
5.9
CVSS
MEDIUM
CVE-2022-36072
pub. 2022-09-06
5.0
CVSS
MEDIUM
CVE-2021-4259
pub. 2022-12-19