CVE-2024-23078

Name of the Vulnerable Software and Affected Versions JGraphT Core version 1.5.2

Description A NullPointerException was discovered in JGraphT Core via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). However, the existence of this issue is disputed by multiple third parties due to potentially insufficient evidence. The compare function is used for comparing Double values, but the specifics of how it leads to a NullPointerException are not detailed. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations For JGraphT Core version 1.5.2, consider temporarily disabling or restricting the use of the org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double) component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.