NULL Pointer Dereference The advisory has been revoked - it doesn't affect any version of package joda-time:joda-time Open this link in a new tab
Threat Intelligence
EPSS
0.05% (15th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-JODATIME-6595834
- published 11 Apr 2024
- disclosed 10 Apr 2024
- credit LLM4IG
Introduced: 10 Apr 2024
New CVE-2024-23080 Open this link in a new tabAmendment
This was deemed not a vulnerability.
Overview
Affected versions of this package are vulnerable to NULL Pointer Dereference via the component org.joda.time.format.PeriodFormat::wordBased(Locale)
. An attacker can trigger a NullPointerException
by supplying a null value to the Locale
parameter.
Note:
After further investigations, this was found to not be a security issue.