| CARVIEW |
Select Language
HTTP/2 200
date: Sat, 11 Oct 2025 10:29:17 GMT
content-type: text/html; charset=utf-8
content-encoding: gzip
cf-ray: 98cdaceb7f7b1712-BLR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
age: 0
cache-control: max-age=600
expires: Sat, 11 Oct 2025 10:39:16 GMT
last-modified: Thu, 09 Oct 2025 23:50:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
content-security-policy: default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
permissions-policy: geolocation=(self)
referrer-policy: same-origin
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-fastly-request-id: 0d5bc1a9c733a6fe25d23d63a0825a72f8d8859c
x-frame-options: SAMEORIGIN
x-github-request-id: CE40:97589:6BCD5:86296:68EA317C
x-proxy-cache: MISS
x-served-by: cache-bom-vanm7210089-BOM
x-timer: S1760178557.777474,VS0,VE294
server: cloudflare
Catch NullPointerException | OWASP Foundation
This website uses cookies to analyze our traffic and only share that information with our analytics partners.
Acceptx
Catch NullPointerException
NVD Categorization
CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference: Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.
Description
It is generally a bad practice to catch NullPointerException.
Programmers typically catch NullPointerException under three circumstances:
- The program contains a null pointer dereference. Catching the resulting exception was easier than fixing the underlying problem.
- The program explicitly throws a NullPointerException to signal an error condition.
- The code is part of a test harness that supplies unexpected input to the classes under test.
Of these three circumstances, only the last is acceptable.
Risk Factors
TBD
Examples
The following code mistakenly catches a NullPointerException.
try {
mysteryMethod();
} catch (NullPointerException npe) {
...
}
Related Attacks
Related Vulnerabilities
Related Controls
References
Note: A reference to related CWE or CAPEC article should be added when exists. Eg:
The OWASP® Foundation works to improve the security of software through its community-led open source software projects,
hundreds of chapters worldwide, tens of thousands of members, and by hosting local and global conferences.