PT-2024-19662 · Unknown · Time4J Base
Published: 2024-04-10 · Updated: 2024-11-07 · CVE-2024-23083
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
Time4J Base version 5.9.3
Description
A NullPointerException was discovered in Time4J Base via the component net.time4j.format.internal.FormatUtils::useDefaultWeekmodel(Locale). However, the existence of this issue is disputed by multiple third parties, who question the evidence and the tool used for vulnerability identification.
Recommendations
For Time4J Base version 5.9.3, consider temporarily disabling the useDefaultWeekmodel(Locale) function in net.time4j.format.internal.FormatUtils as a mitigation measure until further clarification or a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Time4J Base