CVE-2024-23081

Name of the Vulnerable Software and Affected Versions ThreeTen Backport version 1.6.8

Description A NullPointerException was discovered in the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate). However, the existence of this issue is disputed by multiple third parties due to potentially insufficient evidence. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.

Recommendations For ThreeTen Backport version 1.6.8, consider temporarily disabling or restricting the use of the compareTo(ChronoLocalDate) function in the org.threeten.bp.LocalDate component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.