The code has a return statement inside a finally block, which will cause any thrown exception in the try block to be discarded.
View on MITREDo not use a return statement inside the finally block. The finally block should have "cleanup" code.
No detection method information available for this CWE.
In the following code excerpt, the IllegalArgumentException will never be delivered to the caller. The finally block will cause the exception to be discarded.
No relationship information available for this CWE.
CWE-584: Return Inside Finally Block is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The code has a return statement inside a finally block, which will cause any thrown exception in the try block to be discarded.
If exploited, CWE-584 (Return Inside Finally Block) it can compromise Other, leading to outcomes such as Alter Execution Logic.
Recommended mitigations for CWE-584 include: Do not use a return statement inside the finally block. The finally block should have "cleanup" code.
A CWE (Common Weakness Enumeration) like CWE-584 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.