CVE-2024-23081
LowCVSS 3.3Exploitation Probability (EPSS)
Low risk20th percentile — higher than 20% of all known CVEs
Summary
A NullPointerException was discovered in ThreeTen Backport v1.6.8 in the org.threeten.bp.LocalDate::compareTo(ChronoLocalDate) component. However, multiple third parties dispute the validity of this finding, suggesting it may be based on an insufficiently robust vulnerability identification tool.
Risk Assessment
If genuine, this vulnerability could cause application crashes (DoS) when processing dates. However, due to the disputed nature of the report, the actual risk is uncertain.
Recommendation
Monitor official updates for the ThreeTen Backport library and consider implementing temporary mitigations such as input validation before using the compareTo method.
Original NVD description (English source)
ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.

